CVE-2024-21907 Information

Jan 04, 2024 cve

Description

Newtonsoft.Json before version 13.0.1 is affected by a mishandling of exceptional conditions vulnerability. Crafted data that is passed to the JsonConvert.DeserializeObject method may trigger a StackOverflow exception resulting in denial of service. Depending on the usage of the library an unauthenticated and remote attacker may be able to cause the denial of service condition.

Reference

https://github.com/JamesNK/Newtonsoft.Json/issues/2457 https://github.com/JamesNK/Newtonsoft.Json/pull/2462 https://github.com/JamesNK/Newtonsoft.Json/commit/7e77bbe1beccceac4fc7b174b53abfefac278b66 https://alephsecurity.com/2018/10/22/StackOverflowException/ https://alephsecurity.com/vulns/aleph-2018004 https://security.snyk.io/vuln/SNYK-DOTNET-NEWTONSOFTJSON-2774678 https://github.com/advisories/GHSA-5crp-9r3c-p9vr https://vulncheck.com/advisories/vc-advisory-GHSA-5crp-9r3c-p9vr

Share on: