CVE-2023-6831
Stack Overflow vulnerability in mlflow (PyPI)
What is CVE-2023-6831 About?
This vulnerability in json-path v2.8.0 is a stack overflow that occurs within the 'Criteria.parse()' method. An attacker who can reach this method with crafted input can trigger the condition, leading to a denial of service and, in principle, to arbitrary code execution. Practical exploitability depends on how hard it is to craft input that actually exhausts the stack.
Affected Software
- mlflow
- <1da75dfcecd4d169e34809ade55748384e8af6c1
- <2.9.2
Technical Details
The vulnerability is a stack overflow in the 'json-path' library version 2.8.0, specifically within the 'Criteria.parse()' method. An attacker supplies a specially crafted JSON path expression to this method. The malformed input causes 'Criteria.parse()' to recurse excessively or to allocate too much data on the call stack, and the stack overflows. When that happens, the program's execution flow is disrupted, which usually means a crash and therefore a denial of service. Under specific circumstances it might be possible to control the overwritten stack memory and achieve arbitrary code execution.
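The failure mode described above, as an added illustration that is not mlflow's code and not json-path's 'Criteria.parse()': a toy recursive-descent parser for a constructed boolean-criteria grammar (names joined by '&&' / '||', with parenthesised groups), written once without any bound on nesting and once with an explicit depth limit. The grammar, the token regex, the parser classes and the sample inputs are all assumptions made for this example; the point is that a depth check turns "unbounded recursion on untrusted input" into an ordinary rejected-input error before the stack is touched.

```python
"""Added example (not mlflow's code, not json-path's Criteria.parse()):
a tiny recursive-descent parser for a constructed criteria grammar, naive
and depth-bounded, showing how nesting depth in untrusted input drives
stack consumption and how a bound stops it.

Grammar (constructed for this example):
    expr := term ( ('&&' | '||') term )*
    term := NAME | '(' expr ')'
    NAME := one or more of  @ . _ letters digits
"""
import re

TOKEN_RE = re.compile(r"\s*(&&|\|\||[()]|[@A-Za-z0-9_.]+)")


def tokenize(text):
    """Split a criteria string into tokens; reject characters outside the grammar."""
    tokens, pos, text = [], 0, text.strip()
    while pos < len(text):
        m = TOKEN_RE.match(text, pos)
        if not m:
            raise ValueError(f"unexpected character at offset {pos}")
        tokens.append(m.group(1))
        pos = m.end()
    return tokens


class NaiveParser:
    """Recursion depth grows with every '(' in the input; nothing bounds it."""

    def __init__(self, tokens):
        self.tokens = tokens
        self.i = 0

    def peek(self):
        return self.tokens[self.i] if self.i < len(self.tokens) else None

    def take(self):
        tok = self.peek()
        self.i += 1
        return tok

    def parse_expr(self):
        node = self.parse_term()
        while self.peek() in ("&&", "||"):
            op = self.take()
            node = (op, node, self.parse_term())
        return node

    def parse_term(self):
        tok = self.take()
        if tok == "(":
            node = self.parse_expr()  # recursion point: two more frames per '('
            if self.take() != ")":
                raise ValueError("expected ')'")
            return node
        if tok is None or tok in ("&&", "||", ")"):
            raise ValueError(f"unexpected token {tok!r}")
        return tok


class BoundedParser(NaiveParser):
    """Same grammar, but refuses input nested deeper than max_depth before recursing."""

    def __init__(self, tokens, max_depth):
        super().__init__(tokens)
        self.max_depth = max_depth
        self.depth = 0

    def parse_term(self):
        if self.peek() == "(":
            if self.depth >= self.max_depth:
                raise ValueError(f"nesting deeper than {self.max_depth} rejected")
            self.depth += 1
            try:
                return super().parse_term()
            finally:
                self.depth -= 1
        return super().parse_term()


def parse(text, max_depth=None):
    """Parse `text` into a nested tuple AST; max_depth=None selects the unbounded parser."""
    tokens = tokenize(text)
    parser = NaiveParser(tokens) if max_depth is None else BoundedParser(tokens, max_depth)
    node = parser.parse_expr()
    if parser.peek() is not None:
        raise ValueError(f"trailing token {parser.peek()!r}")
    return node


def classify(text, max_depth=None):
    """'ok', 'rejected' (ValueError) or 'stack-exhausted' (RecursionError: Python's own
    guard fires here; a parser in a runtime without that guard would abort instead)."""
    try:
        parse(text, max_depth)
        return "ok"
    except ValueError:
        return "rejected"
    except RecursionError:
        return "stack-exhausted"


# Constructed inputs: a benign expression and one wrapped in 5000 nested groups.
BENIGN = "@.price && (@.category || @.isbn)"
DEEP = "(" * 5000 + "@.x" + ")" * 5000

if __name__ == "__main__":
    print(parse(BENIGN))                 # ('&&', '@.price', ('||', '@.category', '@.isbn'))
    print(classify(DEEP))                # stack-exhausted
    print(classify(DEEP, max_depth=32))  # rejected
```

The bound is checked before the recursive call is made, so the rejected input costs at most `max_depth` frames regardless of its length; putting the check after the call would still let the attacker choose the stack depth.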
What is the Impact of CVE-2023-6831?
Successful exploitation may allow attackers to disrupt service availability, cause performance degradation, or potentially execute arbitrary code.
What is the Exploitability of CVE-2023-6831?
Exploitation requires an attacker to supply specially crafted input to the 'Criteria.parse()' method. This is a moderate to high complexity task, since it requires understanding how the method processes input in order to induce a stack overflow. No authentication or privileges are typically required when the vulnerable method processes user-supplied input directly. The attack can be remote or local depending on how the application uses the 'json-path' library. The primary risk factor is whether the application exposes a JSON path parsing function to untrusted input.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | | |
What are the Available Fixes for CVE-2023-6831?
Available Upgrade Options
- mlflow
  - <1da75dfcecd4d169e34809ade55748384e8af6c1 → Upgrade to 1da75dfcecd4d169e34809ade55748384e8af6c1
  - <2.9.2 → Upgrade to 2.9.2
Additional Resources
- https://huntr.com/bounties/0acdd745-0167-4912-9d5c-02035fe5b314
- https://github.com/pypa/advisory-database/tree/main/vulns/mlflow/PYSEC-2023-253.yaml
- https://github.com/mlflow/mlflow/commit/1da75dfcecd4d169e34809ade55748384e8af6c1
- https://osv.dev/vulnerability/PYSEC-2023-253
- https://nvd.nist.gov/vuln/detail/CVE-2023-6831
- https://github.com/mlflow/mlflow
What are Similar Vulnerabilities to CVE-2023-6831?
Similar Vulnerabilities: CVE-2023-46765, CVE-2023-46764, CVE-2023-46763, CVE-2023-46762, CVE-2023-46761
