vulnerability
Microsoft CVE-2024-21907: VulnCheck: CVE-2024-21907 Improper Handling of Exceptional Conditions in Newtonsoft.Json
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:N/I:N/A:C) | Sep 9, 2025 | Sep 9, 2025 | Sep 29, 2025 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published
Sep 9, 2025
Added
Sep 9, 2025
Modified
Sep 29, 2025
Description
CVE-2024-21907 addresses a mishandling of exceptional conditions vulnerability in Newtonsoft.Json before version 13.0.1. Crafted data that is passed to the JsonConvert.DeserializeObject method may trigger a StackOverflow exception resulting in denial of service. Depending on the usage of the library, an unauthenticated and remote attacker may be able to cause the denial of service condition. The documented SQL Server updates incorporate updates in Newtonsoft.Json which address this vulnerability.
Please see CVE-2024-21907 for more information.
Solutions
msft-kb5065222-a73207f2-fdd2-465a-b054-448432ad9fb6-x64msft-kb5065223-b94d931b-272a-4297-8376-7f07638e4be3-x64msft-kb5065224-5807ca50-82dd-4640-98c4-13d3c6e4b06b-x64msft-kb5065225-80dda3f5-7b6d-4376-a64e-c8c88c112035-x64msft-kb5065226-b99518f2-1903-4d83-84e9-846b5e689592-x64
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.