| Title | MikroTik RouterOS 7 Memory Corruption |
|---|---|
| Description | Critical buffer overflow vulnerability in libjson.so JSON parser affecting RouterOS devices. The vulnerability exists in the parse_json_element function at address 0xf7ef6992, specifically in Unicode escape sequence processing logic.<br><br>TECHNICAL DETAILS:<br>- Function: parse_json_element (0xf7ef657b - 0xf7ef6fbb)<br>- Root Cause: Insufficient length validation for `\u` Unicode escape sequences<br>- Trigger: Malformed JSON with incomplete Unicode sequences like `"\u0\0\\"`<br>- Impact: Infinite parsing loop leading to DoS/potential code execution<br><br>EXPLOITATION:<br>- Remote trigger via HTTP POST to /rest/ip/address/print endpoint<br>- Malicious payload: `{"0":"\u0\0\\"0`<br>- Can bypass basic authentication<br>- Immediate application crash, potential for code execution<br><br>AFFECTED BINARY:<br>- libjson.so (MD5: c6e0f91c84de5e261c7f2decbf51fad3)<br>- SHA256: b6c00cb53461ed70610e53d11bb2c8a36868accbd55142a2ac5992c97fbe4cf4<br><br>The vulnerability occurs when the parser encounters `\u` followed by insufficient hex digits, causing state corruption in the string parsing loop and resulting in infinite iteration until memory exhaustion. |
| Source | ⚠️ https://github.com/a2ure123/libjson-unicode-buffer-overflow-poc |
| User | a2ure (UID 41072) |
| Submission | 09/11/2025 04:51 AM (5 months ago) |
| Moderation | 09/25/2025 08:03 AM (14 days later) |
| Status | Accepted |
| VulDB entry | 325818 [MikroTik RouterOS 7 libjson.so /rest/ip/address/print parse_json_element buffer overflow] |
| Points | 20 |
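
The description attributes the flaw to missing length validation on `\u` escapes and a string loop that stops making progress. The following C decoder is an added illustration of the checks involved, not MikroTik's code and not taken from the linked PoC; `json_unescape`, `read_u4` and the `JS_*` codes are hypothetical names, and as a simplifying assumption it rejects surrogate halves instead of pairing them.

```c
#include <string.h>

enum { JS_OK = 0, JS_TRUNCATED = -1, JS_BAD_ESCAPE = -2, JS_NO_SPACE = -3 };

/* Exactly four hex digits at in[pos..], else -1 (short input or non-hex byte). */
static long read_u4(const char *in, size_t len, size_t pos) {
    long v = 0;
    if (len - pos < 4) return -1;               /* caller guarantees pos <= len */
    for (size_t k = 0; k < 4; k++) {
        unsigned char c = (unsigned char)in[pos + k];
        if (c >= '0' && c <= '9') v = v * 16 + (c - '0');
        else if ((c | 0x20) >= 'a' && (c | 0x20) <= 'f') v = v * 16 + ((c | 0x20) - 'a' + 10);
        else return -1;
    }
    return v;
}

/* Decode a JSON string body (text after the opening quote) into out[0..cap). */
int json_unescape(const char *in, size_t len, char *out, size_t cap, size_t *n) {
    static const char from[] = "\"\\/bfnrt", to[] = "\"\\/\b\f\n\r\t";
    size_t i = 0, o = 0;
    while (i < len) {                           /* every pass consumes >= 1 input byte */
        long cp = -1;                           /* -1: emit the single byte in c */
        unsigned char c = (unsigned char)in[i++];
        if (c == '"') { *n = o; return JS_OK; }
        if (c == '\\') {
            if (i >= len) return JS_TRUNCATED;
            c = (unsigned char)in[i++];
            if (c == 'u') {
                cp = read_u4(in, len, i);       /* length checked before any digit is read */
                /* Assumption of this sketch: surrogate halves are rejected, not paired. */
                if (cp < 0 || (cp >= 0xD800 && cp <= 0xDFFF)) return JS_BAD_ESCAPE;
                i += 4;
            } else {
                const char *p = memchr(from, c, 8);
                if (!p) return JS_BAD_ESCAPE;
                c = (unsigned char)to[p - from];
            }
        }
        size_t need = cp < 0x80 ? 1 : cp < 0x800 ? 2 : 3;
        if (cap - o < need) return JS_NO_SPACE; /* bound every write to out */
        if (need == 1) { out[o++] = (char)(cp < 0 ? c : cp); continue; }
        if (need == 3) out[o++] = (char)(0xE0 | (cp >> 12));
        out[o++] = (char)((need == 2 ? 0xC0 : 0x80) | ((cp >> 6) & 0x3F));
        out[o++] = (char)(0x80 | (cp & 0x3F));
    }
    return JS_TRUNCATED;                        /* no closing quote */
}
```

Given the string body from the payload quoted in the description, this decoder returns `JS_BAD_ESCAPE` at the first non-hex byte after `\u` and terminates.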