#VU86290 Stack-based buffer overflow in JsonPath - CVE-2023-51074


Vulnerability identifier: #VU86290

Vulnerability risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-51074

CWE-ID: CWE-121

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
JsonPath
Web applications / JS libraries

Vendor: json-path

Description

The vulnerability allows a remote attacker to perform a denial of service attack.

The vulnerability exists due to a boundary error in the Criteria.parse() method. A remote unauthenticated attacker can trigger stack-based buffer overflow and perform a denial of service attack.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

JsonPath: 2.8.0

External links
https://github.com/json-path/JsonPath/issues/973

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in Oracle Retail Xstore Point of Service
Multiple vulnerabilities in Oracle Communications Network Analytics Data Director
Multiple vulnerabilities in Oracle Communications Cloud Native Core Network Repository Function
Multiple vulnerabilities in Oracle Communications Cloud Native Core Security Edge Protection Proxy
Multiple vulnerabilities in Oracle Communications Cloud Native Core Service Communication Proxy
Multiple vulnerabilities in Oracle Communications Order and Service Management
Multiple vulnerabilities in Oracle Communications Unified Inventory Management
Multiple vulnerabilities in Oracle Commerce Guided Search
IBM watsonx.data update for json-path
Stack-based buffer overflow in Oracle Application Testing Suite