Home > Vulnerability Database > CVE-2024-58264

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2024-58264

Good to know:

Date: July 26, 2025

The serde-json-wasm crate before 1.0.1 for Rust allows stack consumption via deeply nested JSON data.

Severity Score

3.2

Related Resources (8)

Url: https://github.com/CosmWasm/serde-json-wasm/commit/e78f9e28b3a2151d3175ee88ab2a001bf9515429

Url: https://crates.io/crates/serde-json-wasm

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-58264

Url: https://rustsec.org/advisories/RUSTSEC-2024-0012.html

Url: https://github.com/advisories/GHSA-rr69-rxr6-8qwf

Url: https://github.com/CosmWasm/serde-json-wasm/commit/a9a9b9bf243862bd2afbf6853fca97f30dc4f620

Url: https://github.com/CosmWasm/serde-json-wasm

Url: https://www.mend.io/vulnerability-database/CVE-2024-58264

Severity Score

3.2

Weakness Type (CWE)

Out-of-bounds Write

CWE-787

Uncontrolled Recursion

CWE-674

Top Fix

Upgrade Version

Upgrade to version serde-json-wasm - 1.0.1;https://github.com/CosmWasm/serde-json-wasm.git - v1.0.1

CVSS v3.1

Base Score:	3.2
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	LOW

Do you need more information?

Contact Us