CVE-2024-21907 — HIGH (7.5)

Q: How severe is CVE-2024-21907?

CVE-2024-21907 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-21907?

Check the references section above for vendor advisories and patch information. Affected products include: Newtonsoft Json.Net.

Vulnerability Description

Newtonsoft.Json before version 13.0.1 is affected by a mishandling of exceptional conditions vulnerability. Crafted data that is passed to the JsonConvert.DeserializeObject method may trigger a StackOverflow exception resulting in denial of service. Depending on the usage of the library, an unauthenticated and remote attacker may be able to cause the denial of service condition.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Newtonsoft	Json.Net	< 13.0.1

Related Weaknesses (CWE)

CWE-755

References

https://alephsecurity.com/2018/10/22/StackOverflowException/Exploit
https://alephsecurity.com/vulns/aleph-2018004Exploit
https://github.com/JamesNK/Newtonsoft.Json/commit/7e77bbe1beccceac4fc7b174b53abfPatch
https://github.com/JamesNK/Newtonsoft.Json/issues/2457ExploitIssue TrackingThird Party Advisory
https://github.com/JamesNK/Newtonsoft.Json/pull/2462Patch
https://github.com/advisories/GHSA-5crp-9r3c-p9vrThird Party Advisory
https://security.snyk.io/vuln/SNYK-DOTNET-NEWTONSOFTJSON-2774678ExploitThird Party Advisory
https://vulncheck.com/advisories/vc-advisory-GHSA-5crp-9r3c-p9vrThird Party Advisory
https://alephsecurity.com/2018/10/22/StackOverflowException/Exploit
https://alephsecurity.com/vulns/aleph-2018004Exploit
https://github.com/JamesNK/Newtonsoft.Json/commit/7e77bbe1beccceac4fc7b174b53abfPatch
https://github.com/JamesNK/Newtonsoft.Json/issues/2457ExploitIssue TrackingThird Party Advisory
https://github.com/JamesNK/Newtonsoft.Json/pull/2462Patch
https://github.com/advisories/GHSA-5crp-9r3c-p9vrThird Party Advisory
https://security.snyk.io/vuln/SNYK-DOTNET-NEWTONSOFTJSON-2774678ExploitThird Party Advisory

FAQ

What is CVE-2024-21907?

CVE-2024-21907 is a vulnerability with a CVSS score of 7.5 (HIGH). Newtonsoft.Json before version 13.0.1 is affected by a mishandling of exceptional conditions vulnerability. Crafted data that is passed to the JsonConvert.DeserializeObject method may trigger a StackO...

How severe is CVE-2024-21907?

CVE-2024-21907 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-21907?

Check the references section above for vendor advisories and patch information. Affected products include: Newtonsoft Json.Net.