CVE-2024-39684 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2024-39684 Interim 1 3 2025-02-16T01:05:46Z current 2024-07-10T23:09:48Z 2025-02-16T01:05:46Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2024-39684 Tencent RapidJSON is vulnerable to privilege escalation due to an integer overflow in the `GenericReader::ParseNumber()` function of `include/rapidjson/reader.h` when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened; this triggers the integer overflow vulnerability (when the file is parsed), leading to elevation of privilege. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS SUSE Linux Enterprise Module for Server Applications 15 SP5 SUSE Linux Enterprise Module for Server Applications 15 SP6 SUSE Linux Enterprise Server 15 SP3-LTSS SUSE Linux Enterprise Server 15 SP4-LTSS SUSE Linux Enterprise Module for Server Applications 15 SP5 SUSE Linux Enterprise Module for Server Applications 15 SP6 SUSE Linux Enterprise Server for SAP Applications 15 SP3 SUSE Linux Enterprise Server for SAP Applications 15 SP4 SUSE Linux Enterprise Module for Server Applications 15 SP5 SUSE Linux Enterprise Module for Server Applications 15 SP6 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.5 openSUSE Leap 15.6 rapidjson rapidjson-devel rapidjson-devel as a component of SUSE Enterprise Storage 7.1 rapidjson as a component of SUSE Enterprise Storage 7.1 rapidjson-devel as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS rapidjson as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS rapidjson-devel as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS rapidjson as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS rapidjson-devel as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS rapidjson as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS rapidjson-devel as a component of SUSE Linux Enterprise Module for Server Applications 15 SP5 rapidjson as a component of SUSE Linux Enterprise Module for Server Applications 15 SP5 rapidjson-devel as a component of SUSE Linux Enterprise Module for Server Applications 15 SP6 rapidjson as a component of SUSE Linux Enterprise Module for Server Applications 15 SP6 rapidjson-devel as a component of SUSE Linux Enterprise Server 15 SP3-LTSS rapidjson as a component of SUSE Linux Enterprise Server 15 SP3-LTSS rapidjson-devel as a component of SUSE Linux Enterprise Server 15 SP4-LTSS rapidjson as a component of SUSE Linux Enterprise Server 15 SP4-LTSS rapidjson-devel as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 rapidjson as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 rapidjson-devel as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP4 rapidjson as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP4 rapidjson-devel as a component of SUSE Manager Proxy 4.3 rapidjson as a component of SUSE Manager Proxy 4.3 rapidjson-devel as a component of SUSE Manager Retail Branch Server 4.3 rapidjson as a component of SUSE Manager Retail Branch Server 4.3 rapidjson-devel as a component of SUSE Manager Server 4.3 rapidjson as a component of SUSE Manager Server 4.3 rapidjson-devel as a component of openSUSE Leap 15.5 rapidjson as a component of openSUSE Leap 15.5 rapidjson-devel as a component of openSUSE Leap 15.6 rapidjson as a component of openSUSE Leap 15.6 Tencent RapidJSON is vulnerable to privilege escalation due to an integer overflow in the `GenericReader::ParseNumber()` function of `include/rapidjson/reader.h` when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened; this triggers the integer overflow vulnerability (when the file is parsed), leading to elevation of privilege. CVE-2024-39684 SUSE Enterprise Storage 7.1:rapidjson SUSE Enterprise Storage 7.1:rapidjson-devel SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:rapidjson SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:rapidjson-devel SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:rapidjson SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:rapidjson-devel SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:rapidjson SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:rapidjson-devel SUSE Linux Enterprise Module for Server Applications 15 SP5:rapidjson SUSE Linux Enterprise Module for Server Applications 15 SP5:rapidjson-devel SUSE Linux Enterprise Module for Server Applications 15 SP6:rapidjson SUSE Linux Enterprise Module for Server Applications 15 SP6:rapidjson-devel SUSE Linux Enterprise Server 15 SP3-LTSS:rapidjson SUSE Linux Enterprise Server 15 SP3-LTSS:rapidjson-devel SUSE Linux Enterprise Server 15 SP4-LTSS:rapidjson SUSE Linux Enterprise Server 15 SP4-LTSS:rapidjson-devel SUSE Linux Enterprise Server for SAP Applications 15 SP3:rapidjson SUSE Linux Enterprise Server for SAP Applications 15 SP3:rapidjson-devel SUSE Linux Enterprise Server for SAP Applications 15 SP4:rapidjson SUSE Linux Enterprise Server for SAP Applications 15 SP4:rapidjson-devel SUSE Manager Proxy 4.3:rapidjson SUSE Manager Proxy 4.3:rapidjson-devel SUSE Manager Retail Branch Server 4.3:rapidjson SUSE Manager Retail Branch Server 4.3:rapidjson-devel SUSE Manager Server 4.3:rapidjson SUSE Manager Server 4.3:rapidjson-devel openSUSE Leap 15.5:rapidjson openSUSE Leap 15.5:rapidjson-devel openSUSE Leap 15.6:rapidjson openSUSE Leap 15.6:rapidjson-devel important 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H