RapidJSON vulnerability
Published: Mon, 20 Apr 2026 13:49
Summary
RapidJSON could be made to crash or run programs as an administrator if it opened a specially crafted file.
Details
It was discovered that RapidJSON did not properly protect against integer overflows in certain instances when parsing JSON text. A remote attacker could possibly use this issue to craft a malicious JSON file, that when read by RapidJSON, would lead to an elevation of privilege, resulting in the potential disclosure of sensitive information.
Recommended actions per Ubuntu release
StackPatch playbook auto-generated per release codename and per affected package.
Ubuntu bionic
rapidjson→1.1.0+dfsg2-3ubuntu0.1~esm2apt_upgrade_esmFixed at 1.1.0+dfsg2-3ubuntu0.1~esm2 — ESM-only. Enable Ubuntu Pro (free for 5 personal machines) or treat as watch item.
sudo pro attach <token> sudo apt-get update sudo apt-get install --only-upgrade -y rapidjson=1.1.0+dfsg2-3ubuntu0.1~esm2
Sign up at https://ubuntu.com/pro. Free for personal + small-team use.
rapidjson-dev→1.1.0+dfsg2-3ubuntu0.1~esm2apt_upgrade_esmFixed at 1.1.0+dfsg2-3ubuntu0.1~esm2 — ESM-only. Enable Ubuntu Pro (free for 5 personal machines) or treat as watch item.
sudo pro attach <token> sudo apt-get update sudo apt-get install --only-upgrade -y rapidjson-dev=1.1.0+dfsg2-3ubuntu0.1~esm2
Sign up at https://ubuntu.com/pro. Free for personal + small-team use.
rapidjson-doc→1.1.0+dfsg2-3ubuntu0.1~esm2apt_upgrade_esmFixed at 1.1.0+dfsg2-3ubuntu0.1~esm2 — ESM-only. Enable Ubuntu Pro (free for 5 personal machines) or treat as watch item.
sudo pro attach <token> sudo apt-get update sudo apt-get install --only-upgrade -y rapidjson-doc=1.1.0+dfsg2-3ubuntu0.1~esm2
Sign up at https://ubuntu.com/pro. Free for personal + small-team use.
Ubuntu focal
rapidjson→1.1.0+dfsg2-5ubuntu1+esm2apt_upgradeStandard apt upgrade. Install 1.1.0+dfsg2-5ubuntu1+esm2 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y rapidjson
Most apt upgrades restart their service automatically. needrestart lists anything else.
rapidjson-dev→1.1.0+dfsg2-5ubuntu1+esm2apt_upgradeStandard apt upgrade. Install 1.1.0+dfsg2-5ubuntu1+esm2 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y rapidjson-dev
Most apt upgrades restart their service automatically. needrestart lists anything else.
rapidjson-doc→1.1.0+dfsg2-5ubuntu1+esm2apt_upgradeStandard apt upgrade. Install 1.1.0+dfsg2-5ubuntu1+esm2 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y rapidjson-doc
Most apt upgrades restart their service automatically. needrestart lists anything else.
Ubuntu jammy
rapidjson→1.1.0+dfsg2-7ubuntu0.1~esm2apt_upgrade_esmFixed at 1.1.0+dfsg2-7ubuntu0.1~esm2 — ESM-only. Enable Ubuntu Pro (free for 5 personal machines) or treat as watch item.
sudo pro attach <token> sudo apt-get update sudo apt-get install --only-upgrade -y rapidjson=1.1.0+dfsg2-7ubuntu0.1~esm2
Sign up at https://ubuntu.com/pro. Free for personal + small-team use.
rapidjson-dev→1.1.0+dfsg2-7ubuntu0.1~esm2apt_upgrade_esmFixed at 1.1.0+dfsg2-7ubuntu0.1~esm2 — ESM-only. Enable Ubuntu Pro (free for 5 personal machines) or treat as watch item.
sudo pro attach <token> sudo apt-get update sudo apt-get install --only-upgrade -y rapidjson-dev=1.1.0+dfsg2-7ubuntu0.1~esm2
Sign up at https://ubuntu.com/pro. Free for personal + small-team use.
rapidjson-doc→1.1.0+dfsg2-7ubuntu0.1~esm2apt_upgrade_esmFixed at 1.1.0+dfsg2-7ubuntu0.1~esm2 — ESM-only. Enable Ubuntu Pro (free for 5 personal machines) or treat as watch item.
sudo pro attach <token> sudo apt-get update sudo apt-get install --only-upgrade -y rapidjson-doc=1.1.0+dfsg2-7ubuntu0.1~esm2
Sign up at https://ubuntu.com/pro. Free for personal + small-team use.
Ubuntu noble
rapidjson→1.1.0+dfsg2-7.2ubuntu0.1~esm2apt_upgrade_esmFixed at 1.1.0+dfsg2-7.2ubuntu0.1~esm2 — ESM-only. Enable Ubuntu Pro (free for 5 personal machines) or treat as watch item.
sudo pro attach <token> sudo apt-get update sudo apt-get install --only-upgrade -y rapidjson=1.1.0+dfsg2-7.2ubuntu0.1~esm2
Sign up at https://ubuntu.com/pro. Free for personal + small-team use.
rapidjson-dev→1.1.0+dfsg2-7.2ubuntu0.1~esm2apt_upgrade_esmFixed at 1.1.0+dfsg2-7.2ubuntu0.1~esm2 — ESM-only. Enable Ubuntu Pro (free for 5 personal machines) or treat as watch item.
sudo pro attach <token> sudo apt-get update sudo apt-get install --only-upgrade -y rapidjson-dev=1.1.0+dfsg2-7.2ubuntu0.1~esm2
Sign up at https://ubuntu.com/pro. Free for personal + small-team use.
rapidjson-doc→1.1.0+dfsg2-7.2ubuntu0.1~esm2apt_upgrade_esmFixed at 1.1.0+dfsg2-7.2ubuntu0.1~esm2 — ESM-only. Enable Ubuntu Pro (free for 5 personal machines) or treat as watch item.
sudo pro attach <token> sudo apt-get update sudo apt-get install --only-upgrade -y rapidjson-doc=1.1.0+dfsg2-7.2ubuntu0.1~esm2
Sign up at https://ubuntu.com/pro. Free for personal + small-team use.
Ubuntu xenial
rapidjson→0.12~git20141031-3ubuntu0.1~esm2apt_upgrade_esmFixed at 0.12~git20141031-3ubuntu0.1~esm2 — ESM-only. Enable Ubuntu Pro (free for 5 personal machines) or treat as watch item.
sudo pro attach <token> sudo apt-get update sudo apt-get install --only-upgrade -y rapidjson=0.12~git20141031-3ubuntu0.1~esm2
Sign up at https://ubuntu.com/pro. Free for personal + small-team use.
rapidjson-dev→0.12~git20141031-3ubuntu0.1~esm2apt_upgrade_esmFixed at 0.12~git20141031-3ubuntu0.1~esm2 — ESM-only. Enable Ubuntu Pro (free for 5 personal machines) or treat as watch item.
sudo pro attach <token> sudo apt-get update sudo apt-get install --only-upgrade -y rapidjson-dev=0.12~git20141031-3ubuntu0.1~esm2
Sign up at https://ubuntu.com/pro. Free for personal + small-team use.
rapidjson-doc→0.12~git20141031-3ubuntu0.1~esm2apt_upgrade_esmFixed at 0.12~git20141031-3ubuntu0.1~esm2 — ESM-only. Enable Ubuntu Pro (free for 5 personal machines) or treat as watch item.
sudo pro attach <token> sudo apt-get update sudo apt-get install --only-upgrade -y rapidjson-doc=0.12~git20141031-3ubuntu0.1~esm2
Sign up at https://ubuntu.com/pro. Free for personal + small-team use.
Are YOU affected by USN-8189-1?
5-second check on your actual server. Reads /etc/os-release, uname -r, and dpkg-query; matches against the live USN + Debian Security Tracker feeds; tells you whether USN-8189-1 (and any other live CVE) applies. Anonymous, no signup.
curl https://mindsparkstack.com/scan.sh | bash
StackPatch runs this match against YOUR installed packages every hour
Free 1-server / $99 lifetime founder seat (50 only) / $19+/mo monthly. Indie pricing.