#VU86290 Stack-based buffer overflow in JsonPath


Published: 2024-02-09

Vulnerability identifier: #VU86290

Vulnerability risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-51074

CWE-ID: CWE-121

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
JsonPath
Hardware solutions / Other hardware appliances

Vendor: json-path

Description

The vulnerability allows a remote attacker to perform a denial of service attack.

The vulnerability exists due to a boundary error in the Criteria.parse() method. A remote unauthenticated attacker can trigger stack-based buffer overflow and perform a denial of service attack.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

JsonPath: 2.8.0

External links
http://github.com/json-path/JsonPath/issues/973

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Stack-based buffer overflow in IBM Event Endpoint Management
Stack-based buffer overflow in IBM Event Processing
Multiple vulnerabilities in IBM Observability with Instana
Multiple vulnerabilities in Oracle Communications Cloud Native Core Binding Support Function
Multiple vulnerabilities in Oracle Communications Cloud Native Core Policy
Stack-based buffer overflow in IBM App Connect Enterprise
openEuler update for json-path
Multiple vulnerabilities in IBM Cloud Pak for Network Automation
Multiple vulnerabilities in IBM Cloud Pak for Business Automation
Stack-based buffer overflow in IBM Business Automation Workflow