Newtonsoft.Json before version 13.0.1 is affected by a mishandling of exceptional conditions vulnerability. Crafted data that is passed to the JsonConvert.DeserializeObject method may trigger a StackOverflow exception resulting in denial of service. Depending on the usage of the library, an unauthenticated and remote attacker may be able to cause the denial of service condition.
References
Link | Resource |
---|---|
https://alephsecurity.com/2018/10/22/StackOverflowException/ | Exploit |
https://alephsecurity.com/vulns/aleph-2018004 | Exploit |
https://github.com/JamesNK/Newtonsoft.Json/commit/7e77bbe1beccceac4fc7b174b53abfefac278b66 | Patch |
https://github.com/JamesNK/Newtonsoft.Json/issues/2457 | Exploit Issue Tracking Third Party Advisory |
https://github.com/JamesNK/Newtonsoft.Json/pull/2462 | Patch |
https://github.com/advisories/GHSA-5crp-9r3c-p9vr | Third Party Advisory |
https://security.snyk.io/vuln/SNYK-DOTNET-NEWTONSOFTJSON-2774678 | Exploit Third Party Advisory |
https://vulncheck.com/advisories/vc-advisory-GHSA-5crp-9r3c-p9vr | Third Party Advisory |
Configurations
History
17 Jan 2024, 15:24
Type | Values Removed | Values Added |
---|---|---|
First Time |
Newtonsoft json.net
Newtonsoft |
|
CPE | cpe:2.3:a:newtonsoft:json.net:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
References | () https://vulncheck.com/advisories/vc-advisory-GHSA-5crp-9r3c-p9vr - Third Party Advisory | |
References | () https://security.snyk.io/vuln/SNYK-DOTNET-NEWTONSOFTJSON-2774678 - Exploit, Third Party Advisory | |
References | () https://github.com/JamesNK/Newtonsoft.Json/pull/2462 - Patch | |
References | () https://alephsecurity.com/vulns/aleph-2018004 - Exploit | |
References | () https://github.com/JamesNK/Newtonsoft.Json/issues/2457 - Exploit, Issue Tracking, Third Party Advisory | |
References | () https://github.com/advisories/GHSA-5crp-9r3c-p9vr - Third Party Advisory | |
References | () https://alephsecurity.com/2018/10/22/StackOverflowException/ - Exploit | |
References | () https://github.com/JamesNK/Newtonsoft.Json/commit/7e77bbe1beccceac4fc7b174b53abfefac278b66 - Patch | |
CWE | CWE-755 |
03 Jan 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-03 16:15
Updated : 2024-09-06 19:35
NVD link : CVE-2024-21907
Mitre link : CVE-2024-21907
CVE.ORG link : CVE-2024-21907
JSON object : View
Products Affected
newtonsoft
- json.net
CWE
CWE-755
Improper Handling of Exceptional Conditions