Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Tencent RapidJSON include/rapidjson/reader.h GenericReader::ParseNumber() Function Template Exponent Parsing Integer Overflow
Vulnerability Description
Tencent RapidJSON is vulnerable to privilege escalation due to an integer overflow in the `GenericReader::ParseNumber()` function of `include/rapidjson/reader.h` when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened; this triggers the integer overflow vulnerability (when the file is parsed), leading to elevation of privilege.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
整数溢出或超界折返
Vulnerability Title
Tencent RapidJSON 安全漏洞
Vulnerability Description
Tencent RapidJSON是中国腾讯(Tencent)公司的一个具有 SAX/DOM 样式 API 的 C++ 快速 JSON 解析器/生成器。 Tencent RapidJSON存在安全漏洞,该漏洞源于include/rapidjson/reader.h`中的 GenericReader::ParseNumber函数存在整数溢出漏洞。攻击者利用该漏洞可以提升权限。
CVSS Information
N/A
Vulnerability Type
N/A