Nixpkgs security tracker

Dismissed

Permalink CVE-2024-21907

7.5 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): NONE
Availability impact (A): HIGH

updated 4 months ago by @Erethon Activity log

Created automatic suggestion 4 months, 1 week ago
@Erethon dismissed 4 months ago
@Erethon accepted 4 months ago
@Erethon dismissed 4 months ago
@Erethon accepted 4 months ago
@Erethon dismissed 4 months ago
@Erethon accepted 4 months ago
@Erethon dismissed 4 months ago
@Erethon accepted 4 months ago
@Erethon dismissed 4 months ago
@Erethon accepted 4 months ago
@Erethon dismissed 4 months ago

Improper Handling of Exceptional Conditions in Newtonsoft.Json

Newtonsoft.Json before version 13.0.1 is affected by a mishandling of exceptional conditions vulnerability. Crafted data that is passed to the JsonConvert.DeserializeObject method may trigger a StackOverflow exception resulting in denial of service. Depending on the usage of the library, an unauthenticated and remote attacker may be able to cause the denial of service condition.

References

https://github.com/JamesNK/Newtonsoft.Json/issues/2457 issue-tracking
https://github.com/JamesNK/Newtonsoft.Json/pull/2462 related
https://github.com/JamesNK/Newtonsoft.Json/commit/7e77bbe1beccceac4fc7b174b53ab… related
https://alephsecurity.com/2018/10/22/StackOverflowException/ related
https://alephsecurity.com/vulns/aleph-2018004 related
https://security.snyk.io/vuln/SNYK-DOTNET-NEWTONSOFTJSON-2774678 related
https://github.com/advisories/GHSA-5crp-9r3c-p9vr third-party-advisory
https://vulncheck.com/advisories/vc-advisory-GHSA-5crp-9r3c-p9vr third-party-advisory
https://github.com/JamesNK/Newtonsoft.Json/issues/2457 issue-trackingx_transferred
https://github.com/JamesNK/Newtonsoft.Json/pull/2462 relatedx_transferred
https://github.com/JamesNK/Newtonsoft.Json/commit/7e77bbe1beccceac4fc7b174b53ab… relatedx_transferred
https://alephsecurity.com/2018/10/22/StackOverflowException/ relatedx_transferred
https://alephsecurity.com/vulns/aleph-2018004 relatedx_transferred
https://security.snyk.io/vuln/SNYK-DOTNET-NEWTONSOFTJSON-2774678 relatedx_transferred
https://github.com/advisories/GHSA-5crp-9r3c-p9vr third-party-advisoryx_transferred
https://vulncheck.com/advisories/vc-advisory-GHSA-5crp-9r3c-p9vr third-party-advisoryx_transferred
https://github.com/JamesNK/Newtonsoft.Json/issues/2457 issue-tracking
https://github.com/JamesNK/Newtonsoft.Json/pull/2462 related
https://github.com/JamesNK/Newtonsoft.Json/commit/7e77bbe1beccceac4fc7b174b53ab… related
https://alephsecurity.com/2018/10/22/StackOverflowException/ related
https://alephsecurity.com/vulns/aleph-2018004 related
https://security.snyk.io/vuln/SNYK-DOTNET-NEWTONSOFTJSON-2774678 related
https://github.com/advisories/GHSA-5crp-9r3c-p9vr third-party-advisory
https://vulncheck.com/advisories/vc-advisory-GHSA-5crp-9r3c-p9vr third-party-advisory
https://github.com/JamesNK/Newtonsoft.Json/issues/2457 issue-tracking
https://github.com/JamesNK/Newtonsoft.Json/pull/2462 related
https://github.com/JamesNK/Newtonsoft.Json/commit/7e77bbe1beccceac4fc7b174b53ab… related
https://alephsecurity.com/2018/10/22/StackOverflowException/ related
https://alephsecurity.com/vulns/aleph-2018004 related
https://security.snyk.io/vuln/SNYK-DOTNET-NEWTONSOFTJSON-2774678 related
https://github.com/advisories/GHSA-5crp-9r3c-p9vr third-party-advisory
https://vulncheck.com/advisories/vc-advisory-GHSA-5crp-9r3c-p9vr third-party-advisory
https://github.com/JamesNK/Newtonsoft.Json/issues/2457 issue-trackingx_transferred
https://github.com/JamesNK/Newtonsoft.Json/pull/2462 relatedx_transferred
https://github.com/JamesNK/Newtonsoft.Json/commit/7e77bbe1beccceac4fc7b174b53ab… relatedx_transferred
https://alephsecurity.com/2018/10/22/StackOverflowException/ relatedx_transferred
https://alephsecurity.com/vulns/aleph-2018004 relatedx_transferred
https://security.snyk.io/vuln/SNYK-DOTNET-NEWTONSOFTJSON-2774678 relatedx_transferred
https://github.com/advisories/GHSA-5crp-9r3c-p9vr third-party-advisoryx_transferred
https://vulncheck.com/advisories/vc-advisory-GHSA-5crp-9r3c-p9vr third-party-advisoryx_transferred
https://github.com/JamesNK/Newtonsoft.Json/issues/2457 issue-tracking
https://github.com/JamesNK/Newtonsoft.Json/pull/2462 related
https://github.com/JamesNK/Newtonsoft.Json/commit/7e77bbe1beccceac4fc7b174b53ab… related
https://alephsecurity.com/2018/10/22/StackOverflowException/ related
https://alephsecurity.com/vulns/aleph-2018004 related
https://security.snyk.io/vuln/SNYK-DOTNET-NEWTONSOFTJSON-2774678 related
https://github.com/advisories/GHSA-5crp-9r3c-p9vr third-party-advisory
https://vulncheck.com/advisories/vc-advisory-GHSA-5crp-9r3c-p9vr third-party-advisory
https://github.com/JamesNK/Newtonsoft.Json/issues/2457 issue-trackingx_transferred
https://github.com/JamesNK/Newtonsoft.Json/pull/2462 relatedx_transferred
https://github.com/JamesNK/Newtonsoft.Json/commit/7e77bbe1beccceac4fc7b174b53ab… relatedx_transferred
https://alephsecurity.com/2018/10/22/StackOverflowException/ relatedx_transferred
https://alephsecurity.com/vulns/aleph-2018004 relatedx_transferred
https://security.snyk.io/vuln/SNYK-DOTNET-NEWTONSOFTJSON-2774678 relatedx_transferred
https://github.com/advisories/GHSA-5crp-9r3c-p9vr third-party-advisoryx_transferred
https://vulncheck.com/advisories/vc-advisory-GHSA-5crp-9r3c-p9vr third-party-advisoryx_transferred
https://github.com/JamesNK/Newtonsoft.Json/issues/2457 issue-tracking
https://github.com/JamesNK/Newtonsoft.Json/pull/2462 related
https://github.com/JamesNK/Newtonsoft.Json/commit/7e77bbe1beccceac4fc7b174b53ab… related
https://alephsecurity.com/2018/10/22/StackOverflowException/ related
https://alephsecurity.com/vulns/aleph-2018004 related
https://security.snyk.io/vuln/SNYK-DOTNET-NEWTONSOFTJSON-2774678 related
https://github.com/advisories/GHSA-5crp-9r3c-p9vr third-party-advisory
https://vulncheck.com/advisories/vc-advisory-GHSA-5crp-9r3c-p9vr third-party-advisory
https://github.com/JamesNK/Newtonsoft.Json/issues/2457 issue-trackingx_transferred
https://github.com/JamesNK/Newtonsoft.Json/pull/2462 relatedx_transferred
https://github.com/JamesNK/Newtonsoft.Json/commit/7e77bbe1beccceac4fc7b174b53ab… relatedx_transferred
https://alephsecurity.com/2018/10/22/StackOverflowException/ relatedx_transferred
https://alephsecurity.com/vulns/aleph-2018004 relatedx_transferred
https://security.snyk.io/vuln/SNYK-DOTNET-NEWTONSOFTJSON-2774678 relatedx_transferred
https://github.com/advisories/GHSA-5crp-9r3c-p9vr third-party-advisoryx_transferred
https://vulncheck.com/advisories/vc-advisory-GHSA-5crp-9r3c-p9vr third-party-advisoryx_transferred

Affected products

Newtonsoft.Json

<13.0.1

Matching in nixpkgs

pkgs.dotnetPackages.NewtonsoftJson

None

nixos-unstable 11.0.2
- nixpkgs-unstable 11.0.2
- nixos-unstable-small 11.0.2

dismiss test

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.dotnetPackages.NewtonsoftJson