<p>There is no fixed version for <code>tencent.rapidjson</code>.</p>

NULL Pointer Dereference Affecting tencent.rapidjson package, versions [0,]

Snyk CVSS

Attack Complexity Low

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-DOTNET-TENCENTRAPIDJSON-1278134
published 30 Jul 2021
disclosed 30 Apr 2021
credit @mpumford, @WinCInn, @leeyiw

Report a new vulnerability Found a mistake?

Introduced: 30 Apr 2021

CWE-476 Open this link in a new tab

How to fix?

There is no fixed version for tencent.rapidjson.

Overview

tencent.rapidjson is a fast JSON parser/generator for C++ with both SAX/DOM style API

Affected versions of this package are vulnerable to NULL Pointer Dereference as rapidjson::Stack can dereference NULL pointer. The root cause of the problem is that there are no checks for when allocators (Malloc, Realloc) return null.

References

GitHub Issue
GitHub Issue
GitHub Issue