Detections
Analytics

CVE-2024-21907

high

Description

Newtonsoft.Json before version 13.0.1 is affected by a mishandling of exceptional conditions vulnerability. Crafted data that is passed to the JsonConvert.DeserializeObject method may trigger a StackOverflow exception resulting in denial of service. Depending on the usage of the library, an unauthenticated and remote attacker may be able to cause the denial of service condition.

References

https://vulncheck.com/advisories/vc-advisory-GHSA-5crp-9r3c-p9vr

https://github.com/advisories/GHSA-5crp-9r3c-p9vr

https://www.theregister.com/2025/09/10/microsoft_patch_tuesday/

https://www.infosecurity-magazine.com/news/two-zero-days-patch-tuesday-cves/

https://thehackernews.com/2025/09/microsoft-fixes-80-flaws-including-smb.html

https://securityaffairs.com/182045/security/microsoft-patch-tuesday-security-updates-for-september-2025-fixed-two-zero-day-flaws.html

https://security.snyk.io/vuln/SNYK-DOTNET-NEWTONSOFTJSON-2774678

https://github.com/JamesNK/Newtonsoft.Json/pull/2462

https://github.com/JamesNK/Newtonsoft.Json/issues/2457

https://github.com/JamesNK/Newtonsoft.Json/commit/7e77bbe1beccceac4fc7b174b53abfefac278b66

https://alephsecurity.com/vulns/aleph-2018004

https://alephsecurity.com/2018/10/22/StackOverflowException/

Details

Source: Mitre, NVD

Published: 2024-01-03

Updated: 2024-09-06

Risk Information

CVSS v2

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Severity: High

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity: High

EPSS

EPSS: 0.02523