CVE-2024-21907

high

Description

Newtonsoft.Json before version 13.0.1 is affected by a mishandling of exceptional conditions vulnerability. Crafted data that is passed to the JsonConvert.DeserializeObject method may trigger a StackOverflow exception resulting in denial of service. Depending on the usage of the library, an unauthenticated and remote attacker may be able to cause the denial of service condition.
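The defensive control for this class of bug is a nesting-depth limit on the reader. The following is an added example, not code from the advisory or from the Newtonsoft.Json project; it assumes the Newtonsoft.Json package is referenced and uses the real `JsonSerializerSettings.MaxDepth` setting (which 13.0.1 started defaulting to 64). Setting it explicitly makes the limit independent of which package version is deployed, and turns an unbounded recursion on crafted input into a catchable `JsonReaderException`.

```csharp
using System;
using Newtonsoft.Json;

// Added example (not from the advisory or the Newtonsoft.Json project).
// Assumes Newtonsoft.Json is referenced. MaxDepth is the real int? setting on
// JsonSerializerSettings; the value 32 here is an arbitrary application limit.
public static class DepthLimitedDeserializer
{
    // Explicit depth limit so behaviour does not depend on the package's default.
    private static readonly JsonSerializerSettings Settings = new JsonSerializerSettings
    {
        MaxDepth = 32
    };

    public static T Deserialize<T>(string json)
    {
        return JsonConvert.DeserializeObject<T>(json, Settings);
    }

    // Constructed test input: an array nested `depth` levels deep, e.g. "[[[]]]".
    public static string BuildNestedArray(int depth)
    {
        return new string('[', depth) + new string(']', depth);
    }

    public static void Main()
    {
        // Well within the limit: parses normally.
        object ok = Deserialize<object>(BuildNestedArray(10));
        Console.WriteLine("depth 10 parsed: " + (ok != null));

        // Beyond the limit: rejected with a catchable JsonReaderException
        // instead of recursing until the thread's stack is exhausted.
        try
        {
            Deserialize<object>(BuildNestedArray(1000));
            Console.WriteLine("depth 1000 parsed (no MaxDepth enforced)");
        }
        catch (JsonReaderException ex)
        {
            Console.WriteLine("rejected: " + ex.Message);
        }
    }
}
```

A process-level `StackOverflowException` cannot be caught in .NET and terminates the host, which is why the fix is to reject the input before recursion gets deep rather than to wrap the call in a handler; upgrading to 13.0.1 or later gives the same protection by default, and the explicit setting documents the chosen bound in code.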

References

https://vulncheck.com/advisories/vc-advisory-GHSA-5crp-9r3c-p9vr

https://github.com/advisories/GHSA-5crp-9r3c-p9vr

https://github.com/JamesNK/Newtonsoft.Json/pull/2462

https://github.com/JamesNK/Newtonsoft.Json/commit/7e77bbe1beccceac4fc7b174b53abfefac278b66

Details

Source: Mitre, NVD

Published: 2024-01-03

Updated: 2024-01-17

Risk Information

CVSS v2

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Severity: High

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity: High