Duplicate Advisory: Improper Handling of Exceptional Conditions in Newtonsoft.Json

GHSA-8rfx-6mr3-5jh3

Published Jan 3, 2024 · Modified Nov 28, 2024

Description

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-5crp-9r3c-p9vr. This link is maintained to preserve external references.

Original Description

Newtonsoft.Json before version 13.0.1 is affected by a mishandling of exceptional conditions vulnerability. Crafted data that is passed to the JsonConvert.DeserializeObject method may trigger a StackOverflow exception resulting in denial of service. Depending on the usage of the library, an unauthenticated and remote attacker may be able to cause the denial of service condition.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2024-21907
WEB https://github.com/JamesNK/Newtonsoft.Json/issues/2457
WEB https://github.com/JamesNK/Newtonsoft.Json/pull/2462
WEB https://github.com/JamesNK/Newtonsoft.Json/commit/7e77bbe1beccceac4fc7b174b53abfefac278b66
WEB https://alephsecurity.com/2018/10/22/StackOverflowException
WEB https://alephsecurity.com/vulns/aleph-2018004
ADVISORY https://github.com/advisories/GHSA-5crp-9r3c-p9vr
WEB https://security.snyk.io/vuln/SNYK-DOTNET-NEWTONSOFTJSON-2774678
WEB https://vulncheck.com/advisories/vc-advisory-GHSA-5crp-9r3c-p9vr

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes