Package: rapidjson X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security
Hi, The following vulnerability was published for rapidjson. CVE-2024-38517[0]: | Tencent RapidJSON is vulnerable to privilege escalation due to an | integer underflow in the `GenericReader::ParseNumber()` function of | `include/rapidjson/reader.h` when parsing JSON text from a stream. | An attacker needs to send the victim a crafted file which needs to | be opened; this triggers the integer underflow vulnerability (when | the file is parsed), leading to elevation of privilege. https://github.com/Tencent/rapidjson/pull/1261 If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2024-38517 https://www.cve.org/CVERecord?id=CVE-2024-38517 Please adjust the affected versions in the BTS as needed.
