CVE-2023-51074 – json-path: stack-based buffer overflow in Criteria.parse method

https://notcve.org/view.php?id=CVE-2023-51074

27 Dec 2023 — json-path v2.8.0 was discovered to contain a stack overflow via the Criteria.parse() method. Se descubrió que json-path v2.8.0 contenía un desbordamiento de pila mediante el método Criteria.parse(). A stack overflow vulnerability was found in the Criteria.parse() method in json-path. This issue occurs due to an uncontrolled recursion caused by specially crafted input, leading to a stack overflow. This vulnerability has the potential to trigger a crash, resulting in a denial of service. • https://github.com/json-path/JsonPath/issues/973 • CWE-121: Stack-based Buffer Overflow •