CVE-2023-23088

Vulnerability

Barenboim json-parser master and v1.1.0 contain a heap-buffer-overflow vulnerability in the json_value_parse function. The bug is triggered when parsing a malformed JSON string such as "{ "" (an incomplete object key-value pair). The parser reads beyond the allocated buffer, leading to a memory corruption condition. The issue was fixed in v1.1.1 [1].

Exploitation

An attacker can exploit this vulnerability by providing a specially crafted JSON input string to an application that uses the vulnerable json_value_parse function. No authentication or special privileges are required if the attacker can supply untrusted JSON data. The exploit requires no user interaction beyond the application processing the input. The crash was reproduced with AddressSanitizer, showing a heap-buffer-overflow read at line 685 in json_value_parse [1].

Impact

Successful exploitation allows an attacker to trigger a heap-buffer-overflow, which can lead to arbitrary code execution in the context of the affected application. The vulnerability could be used to corrupt memory, leak sensitive information, or achieve remote code execution depending on how the library is used [1].

Mitigation

Upgrade to json-parser v1.1.1 or later, which contains the fix for the buffer overflow. As of the publication date (2023-02-03), the patched version is available. No workaround is provided in the references [1].