CVE-2024-58264: 
Rust vulnerability analysis and mitigation

The serde-json-wasm crate before version 1.0.1 for Rust contains a vulnerability that allows stack consumption through deeply nested JSON data. This vulnerability was discovered and disclosed in early 2024, affecting all versions prior to 1.0.1 and versions before 0.5.2 in the 0.5.x series. The vulnerability has been assigned identifier CVE-2024-58264 (NVD, GitHub Advisory).

The vulnerability stems from unchecked recursion depth during JSON parsing operations. When processing untrusted JSON data with deep nesting levels, the parser can consume excessive stack space, leading to a stack overflow condition. The issue has received a CVSS v3.1 base score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, indicating it can be exploited remotely with low attack complexity and requires no privileges or user interaction (NVD).

The primary impact of this vulnerability is on system availability. When exploited, it can cause a Denial of Service (DoS) condition through stack overflow, potentially causing the application to crash. The vulnerability does not affect data confidentiality or integrity (GitHub Advisory).

The vulnerability has been patched in serde-json-wasm version 1.0.1 and version 0.5.2. The fix implements a check for recursion depth during JSON parsing to prevent stack overflow conditions. Users are strongly advised to upgrade to these patched versions (RustSec Advisory).