Home > Vulnerability Database > CVE-2024-38525

Mend.io Vulnerability Database

CVE-2024-38525

Date: June 28, 2024

dd-trace-cpp is the Datadog distributed tracing for C++. When the library fails to extract trace context due to malformed unicode, it logs the list of audited headers and their values using the "nlohmann" JSON library. However, due to the way the JSON library is invoked, it throws an uncaught exception, which results in a crash. This vulnerability has been patched in version 0.2.2.

Language: C++

Severity Score

7.5

Related Resources (4)

Url: https://github.com/DataDog/dd-trace-cpp/security/advisories/GHSA-rf3p-mg22-qv6w

Url: https://github.com/DataDog/dd-trace-cpp/releases/tag/v0.2.2

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-38525

Url: https://www.mend.io/vulnerability-database/CVE-2024-38525

Severity Score

7.5

Weakness Type (CWE)

Improper Input Validation

CWE-20

Uncaught Exception

CWE-248

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-38525

Date: June 28, 2024

Language: C++

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?