| Title | MikroTik RouterOS 7 Memory Corruption |
|---|---|
| Description | Critical buffer overflow vulnerability in libjson.so JSON parser affecting RouterOS devices. The vulnerability exists in the parse_json_element function at address 0xf7ef6992, specifically in Unicode escape sequence processing logic.<br><br>TECHNICAL DETAILS:<br>- Function: parse_json_element (0xf7ef657b - 0xf7ef6fbb)<br>- Root Cause: Insufficient length validation for `\u` Unicode escape sequences<br>- Trigger: Malformed JSON with incomplete Unicode sequences like `"\u0\0\\"`<br>- Impact: Infinite parsing loop leading to DoS/potential code execution<br><br>EXPLOITATION:<br>- Remote trigger via HTTP POST to /rest/ip/address/print endpoint<br>- Malicious payload: `{"0":"\u0\0\\"0`<br>- Can bypass basic authentication<br>- Immediate application crash, potential for code execution<br><br>AFFECTED BINARY:<br>- libjson.so (MD5: c6e0f91c84de5e261c7f2decbf51fad3)<br>- SHA256: b6c00cb53461ed70610e53d11bb2c8a36868accbd55142a2ac5992c97fbe4cf4<br><br>The vulnerability occurs when the parser encounters `\u` followed by insufficient hex digits, causing state corruption in the string parsing loop and resulting in infinite iteration until memory exhaustion. |
| Source | ⚠️ https://github.com/a2ure123/libjson-unicode-buffer-overflow-poc |
| User | a2ure (UID 41072) |
| Submitted | 2025-09-11 04:51 AM (8 months ago) |
| Moderation | 2025-09-25 08:03 AM (14 days later) |
| Status | Accepted |
| VulDB entry | 325818 [MikroTik RouterOS 7 libjson.so /rest/ip/address/print parse_json_element memory corruption] |
| Points | 20 |
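
Added example (not code from libjson.so, MikroTik or the submitter's PoC): a C string scanner that applies the length validation the description reports as missing for `\u` escapes, and that either advances or returns on every loop iteration so malformed input cannot stall it. The function names `hex_val`, `read_u_escape` and `scan_json_string` are hypothetical.

```c
#include <stddef.h>

/* Value of one hex digit, or -1 if c is not a hex digit. */
static int hex_val(unsigned char c) {
    if (c >= '0' && c <= '9') return c - '0';
    c |= 0x20;                              /* fold 'A'-'F' onto 'a'-'f' */
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    return -1;
}

/* Decode the four hex digits that must follow "\u". Returns the code unit,
 * or -1 if fewer than four bytes remain or any byte is not a hex digit. */
static long read_u_escape(const char *p, const char *end) {
    long v = 0;
    if ((size_t)(end - p) < 4) return -1;   /* length check before any read */
    for (int i = 0; i < 4; i++) {
        int d = hex_val((unsigned char)p[i]);
        if (d < 0) return -1;               /* e.g. a backslash or NUL here */
        v = (v << 4) | d;
    }
    return v;
}

/* Validate a JSON string body that starts just after the opening quote.
 * Returns bytes consumed including the closing quote, or -1 if malformed.
 * Every iteration either advances p or returns, so the loop terminates. */
long scan_json_string(const char *buf, size_t len) {
    const char *p = buf, *end = buf + len;
    while (p < end) {
        unsigned char c = (unsigned char)*p++;
        if (c == '"') return (long)(p - buf);
        if (c < 0x20) return -1;            /* raw control byte, incl. NUL */
        if (c != '\\') continue;
        if (p == end) return -1;            /* dangling backslash */
        c = (unsigned char)*p++;
        if (c == 'u') {
            if (read_u_escape(p, end) < 0) return -1;
            p += 4;                         /* safe: four bytes were checked */
        } else if (c != '"' && c != '\\' && c != '/' && c != 'b' &&
                   c != 'f' && c != 'n' && c != 'r' && c != 't') {
            return -1;                      /* unknown escape character */
        }
    }
    return -1;                              /* unterminated string */
}
```

A caller would reject the whole request body when the scanner returns -1, before any element is copied into an output buffer.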