Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Tencent RapidJSON include/rapidjson/reader.h GenericReader::ParseNumber() Function Template Exponent Parsing Integer Underflow
Vulnerability Description
Tencent RapidJSON is vulnerable to privilege escalation due to an integer underflow in the `GenericReader::ParseNumber()` function of `include/rapidjson/reader.h` when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened; this triggers the integer underflow vulnerability (when the file is parsed), leading to elevation of privilege.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
整数下溢(超界折返)
Vulnerability Title
Tencent RapidJSON 安全漏洞
Vulnerability Description
Tencent RapidJSON是中国腾讯(Tencent)公司的一个具有 SAX/DOM 样式 API 的 C++ 快速 JSON 解析器/生成器。 Tencent RapidJSON存在安全漏洞,该漏洞源于include/rapidjson/reader.h中的GenericReader::ParseNumber函数出现整数下溢问题。攻击者利用该漏洞可以提升权限。
CVSS Information
N/A
Vulnerability Type
N/A