CVE-2024-58264: serde-json-wasm stack overflow during recursive JSON parsing
When parsing untrusted, deeply nested JSON, the stack may overflow, possibly enabling a Denial of Service attack. This was fixed by adding a check for recursion depth.
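The depth guard described above, as an added illustration that is not serde-json-wasm's own code: a recursive JSON structure walker that refuses to recurse past a fixed MAX_DEPTH (a hypothetical limit chosen here, not the crate's) and returns an error instead of letting attacker-chosen nesting decide how many stack frames are used. It checks nesting and basic syntax only, not full JSON validity.

```rust
// Added example, not serde-json-wasm's own code: a recursive JSON walker with the
// kind of depth guard the fix adds. MAX_DEPTH is a hypothetical limit, not the crate's.
const MAX_DEPTH: usize = 128;
#[derive(Debug, PartialEq)]
pub enum Error { RecursionLimitExceeded, UnexpectedEof, UnexpectedByte(u8) }
fn skip_ws(b: &[u8], pos: &mut usize) {
    while b.get(*pos).map_or(false, |c| c.is_ascii_whitespace()) { *pos += 1; }
}

/// Consumes one JSON value at `pos`. `depth` counts enclosing containers; refusing
/// to descend past MAX_DEPTH bounds the stack instead of letting the input decide.
fn walk_value(b: &[u8], pos: &mut usize, depth: usize) -> Result<(), Error> {
    skip_ws(b, pos);
    match b.get(*pos) {
        None => Err(Error::UnexpectedEof),
        Some(&open) if open == b'[' || open == b'{' => {
            if depth >= MAX_DEPTH { return Err(Error::RecursionLimitExceeded); } // the guard
            let close = if open == b'[' { b']' } else { b'}' };
            *pos += 1;
            loop {
                skip_ws(b, pos);
                match b.get(*pos) {
                    None => return Err(Error::UnexpectedEof),
                    Some(&c) if c == close => { *pos += 1; return Ok(()); }
                    Some(b',') | Some(b':') => *pos += 1,     // separators
                    Some(_) => walk_value(b, pos, depth + 1)?, // one stack frame deeper
                }
            }
        }
        Some(b'"') => { // string: find the closing quote, skipping escaped bytes
            *pos += 1;
            while b.get(*pos).map_or(false, |&c| c != b'"') {
                *pos += if b[*pos] == b'\\' { 2 } else { 1 };
            }
            if *pos < b.len() { *pos += 1; Ok(()) } else { Err(Error::UnexpectedEof) }
        }
        Some(&first) => { // number or true/false/null: consume up to a delimiter
            let start = *pos;
            while b.get(*pos).map_or(false, |&c| !matches!(c, b',' | b':' | b']' | b'}') && !c.is_ascii_whitespace()) { *pos += 1; }
            if *pos > start { Ok(()) } else { Err(Error::UnexpectedByte(first)) }
        }
    }
}
/// Walks a whole document; trailing non-whitespace bytes are rejected.
pub fn check_nesting(input: &str) -> Result<(), Error> {
    let (b, mut pos) = (input.as_bytes(), 0);
    walk_value(b, &mut pos, 0)?;
    skip_ws(b, &mut pos);
    b.get(pos).map_or(Ok(()), |&c| Err(Error::UnexpectedByte(c)))
}
```

Without the `depth >= MAX_DEPTH` check, each extra `[` or `{` in the input costs one more stack frame, which is exactly the failure mode the advisory describes.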
References
- github.com/CosmWasm/serde-json-wasm
- github.com/CosmWasm/serde-json-wasm/commit/a9a9b9bf243862bd2afbf6853fca97f30dc4f620
- github.com/CosmWasm/serde-json-wasm/commit/e78f9e28b3a2151d3175ee88ab2a001bf9515429
- github.com/advisories/GHSA-rr69-rxr6-8qwf
- nvd.nist.gov/vuln/detail/CVE-2024-58264
- rustsec.org/advisories/RUSTSEC-2024-0012.html