CVE-2024-21907
CVSS V2 None
CVSS V3 None
Description
Newtonsoft.Json before version 13.0.1 is affected by a mishandling of exceptional conditions vulnerability. Crafted data that is passed to the JsonConvert.DeserializeObject method may trigger a StackOverflow exception resulting in denial of service. Depending on the usage of the library, an unauthenticated and remote attacker may be able to cause the denial of service condition.
Overview
- CVE ID
- CVE-2024-21907
- Assigner
- VulnCheck
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-01-03T15:23:04.441Z
- Last Modified Date
- 2024-01-03T15:23:04.441Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://github.com/JamesNK/Newtonsoft.Json/issues/2457 | issue-tracking |
| https://github.com/JamesNK/Newtonsoft.Json/pull/2462 | related |
| https://github.com/JamesNK/Newtonsoft.Json/commit/7e77bbe1beccceac4fc7b174b53abfefac278b66 | related |
| https://alephsecurity.com/2018/10/22/StackOverflowException/ | related |
| https://alephsecurity.com/vulns/aleph-2018004 | related |
| https://security.snyk.io/vuln/SNYK-DOTNET-NEWTONSOFTJSON-2774678 | related |
| https://github.com/advisories/GHSA-5crp-9r3c-p9vr | third-party-advisory |
| https://vulncheck.com/advisories/vc-advisory-GHSA-5crp-9r3c-p9vr | third-party-advisory |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-21907 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21907 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-06-26 15:02:01 | Added to TrackCVE |