Tencent RapidJSON is vulnerable to privilege escalation due to an integer underflow in the `GenericReader::ParseNumber()` function of `include/rapidjson/reader.h` when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened; this triggers the integer underflow vulnerability (when the file is parsed), leading to elevation of privilege.

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-684 advisory.

    Tencent RapidJSON is vulnerable to privilege escalation due to an integer underflow in the     `GenericReader::ParseNumber()` function of `include/rapidjson/reader.h` when parsing JSON text from a     stream. An attacker needs to send the victim a crafted file which needs to be opened; this triggers the     integer underflow vulnerability (when the file is parsed), leading to elevation of privilege.
    (CVE-2024-38517)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-fb1e912d0e advisory.

    Fix for CVE-2024-38517.

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-a3c1b2629e advisory.

    Fix for CVE-2024-38517.

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Windows host is missing security update 5040434. It is, therefore, affected by multiple vulnerabilities

  - RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any     valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-     prefix collision attack against MD5 Response Authenticator signature. (CVE-2024-3596)

  - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute     unauthorized arbitrary commands. (CVE-2024-30013, CVE-2024-38104)     Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Windows host is missing security update 5040431. It is, therefore, affected by multiple vulnerabilities

  - RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any     valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-     prefix collision attack against MD5 Response Authenticator signature. (CVE-2024-3596)

  - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute     unauthorized arbitrary commands. (CVE-2024-30013, CVE-2024-38104)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Windows host is missing security update 5040437. It is, therefore, affected by multiple vulnerabilities

  - RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any     valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-     prefix collision attack against MD5 Response Authenticator signature. (CVE-2024-3596)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Windows host is missing security update 5040438. It is, therefore, affected by multiple vulnerabilities

  - RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any     valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-     prefix collision attack against MD5 Response Authenticator signature. (CVE-2024-3596)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Windows host is missing security update 5040427. It is, therefore, affected by multiple vulnerabilities

  - RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any     valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-     prefix collision attack against MD5 Response Authenticator signature. (CVE-2024-3596)   
  - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute     unauthorized arbitrary commands. (CVE-2024-30013, CVE-2024-38104)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Windows host is missing security update 5040442. It is, therefore, affected by multiple vulnerabilities

  - RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any     valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-     prefix collision attack against MD5 Response Authenticator signature. (CVE-2024-3596)

  - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute     unauthorized arbitrary commands. (CVE-2024-30013, CVE-2024-38104)


Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Windows host is missing security update 5040430. It is, therefore, affected by multiple vulnerabilities

  - RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any     valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-     prefix collision attack against MD5 Response Authenticator signature. (CVE-2024-3596)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
205091	Amazon Linux 2023 : rapidjson-devel (ALAS2023-2024-684)	Nessus	Amazon Linux Local Security Checks	high
204698	Fedora 40 : rapidjson (2024-fb1e912d0e)	Nessus	Fedora Local Security Checks	high
204697	Fedora 39 : rapidjson (2024-a3c1b2629e)	Nessus	Fedora Local Security Checks	high
202043	KB5040434: Windows 10 Version 1607 / Windows Server 2016 Security Update (July 2024)	Nessus	Windows : Microsoft Bulletins	critical
202040	KB5040431: Windows 11 version 21H2 Security Update (July 2024)	Nessus	Windows : Microsoft Bulletins	high
202039	KB5040437: Windows Server 2022 / Azure Stack HCI 22H2 Security Update (July 2024)	Nessus	Windows : Microsoft Bulletins	critical
202038	KB5040438: Windows 11 version 22H2 / Windows Server version 23H2 Security Update (July 2024)	Nessus	Windows : Microsoft Bulletins	critical
202037	KB5040427: Windows 10 Version 22H2 Security Update (July 2024)	Nessus	Windows : Microsoft Bulletins	high
202036	KB5040442: Windows 11 version 22H2 Security Update (July 2024)	Nessus	Windows : Microsoft Bulletins	high
202028	KB5040430: Windows 10 version 1809 / Windows Server 2019 Security Update (July 2024)	Nessus	Windows : Microsoft Bulletins	critical

Detections

Analytics

CVE-2024-38517

high

Tenable Plugins

high

high

high

critical

high

critical

critical

high

high

critical