Summaryinfo

A vulnerability marked as problematic has been reported in CosmWasm serde-json-wasm Crate up to 1.0.0 on Rust. Affected by this vulnerability is an unknown functionality of the component Deeply Nested JSON Data Handler. The manipulation leads to recursion. This vulnerability is uniquely identified as CVE-2024-58264. Local access is required to approach this attack. No exploit exists. It is suggested to upgrade the affected component.

Detailsinfo

A vulnerability was found in CosmWasm serde-json-wasm Crate up to 1.0.0 on Rust and classified as problematic. This issue affects an unknown code of the component Deeply Nested JSON Data Handler. The manipulation with an unknown input leads to a recursion vulnerability. Using CWE to declare the problem leads to CWE-674. The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack. Impacted is availability. The summary by CVE is:

The serde-json-wasm crate before 1.0.1 for Rust allows stack consumption via deeply nested JSON data.

It is possible to read the advisory at rustsec.org. The identification of this vulnerability is CVE-2024-58264 since 07/27/2025. The exploitation is known to be difficult. Attacking locally is a requirement. The technical details are unknown and an exploit is not publicly available.

Upgrading to version 1.0.1 eliminates this vulnerability.

The vulnerability is also documented in the vulnerability database at EUVD (EUVD-2024-54825). If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Productinfo

Type

• Rust Package

Vendor

• CosmWasm

Name

• serde-json-wasm Crate

Version

• 1.0

CPE 2.3info

• 🔒

CPE 2.2info

• 🔒

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion