OpenWrt Memory Leak Vulnerability in JSONPath Token Processing

Vulnerability

A memory leak vulnerability has been identified in the OpenWrt Project's JSONPath implementation, specifically in versions prior to 24.10.6 and 25.12.1. The issue is in the 'jp_get_token' function, which performs lexical analysis by breaking input expressions into tokens. When it extracts string literals, field labels, and regular expressions, it allocates memory dynamically for the extracted data and stores it in a 'jp_opcode' struct. That struct is later copied to a new 'jp_opcode' object via 'jp_alloc_op'. If a string was previously extracted and stored in the original 'jp_opcode', it is copied into the new allocation, but the original memory is never freed, which leaks it.
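The leak pattern described above and its fix, as an added C example that is not OpenWrt's source: the struct, `get_token`, `alloc_op` and the allocation counter are hypothetical stand-ins, and the layout (string copied into the new node's own allocation) is an assumption.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the token struct; not OpenWrt's definition. */
struct op { int type; char *str; };

static long live_allocs; /* heap blocks currently outstanding (demo bookkeeping) */

static void *xalloc(size_t n) { void *p = calloc(1, n); if (p) live_allocs++; return p; }
static void xfree(void *p) { if (p) { live_allocs--; free(p); } }

/* Lexer step: the extracted string goes into a heap buffer owned by the token. */
static int get_token(const char *src, size_t len, struct op *tok) {
    tok->type = 1;
    tok->str = xalloc(len + 1);
    if (!tok->str) return -1;
    memcpy(tok->str, src, len); /* calloc already zero-terminated the buffer */
    return 0;
}

/* Copy step: the new node gets its own copy of the string, so the token's
 * buffer is no longer referenced by anything after this call. */
static struct op *alloc_op(const struct op *tok) {
    size_t n = tok->str ? strlen(tok->str) + 1 : 0;
    struct op *node = xalloc(sizeof(*node) + n);
    if (!node) return NULL;
    node->type = tok->type;
    if (n) { node->str = (char *)(node + 1); memcpy(node->str, tok->str, n); }
    return node;
}

/* Tokenizes n labels, frees every node, and returns the blocks still live.
 * release_token_string = 0 reproduces the leak; 1 applies the fix. */
long parse_labels(int n, int release_token_string) {
    live_allocs = 0;
    for (int i = 0; i < n; i++) {
        struct op tok = {0};
        if (get_token("label", 5, &tok) != 0) continue;
        struct op *node = alloc_op(&tok);
        if (release_token_string) { xfree(tok.str); tok.str = NULL; } /* the fix */
        xfree(node); /* node may be NULL on allocation failure; xfree tolerates it */
    }
    return live_allocs;
}

int main(void) {
    printf("leaky: %ld live blocks, fixed: %ld\n", parse_labels(1000, 0), parse_labels(1000, 1));
    return 0;
}
```

In the leaky mode the outstanding-block count grows by one per string token, which is the per-expression growth an operator would observe as rising resident memory in a long-running process.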

Impact

Exploitation of this vulnerability causes a memory leak, where allocated memory is not properly released, potentially leading to increased memory usage and degradation of system performance over time.

Remediation

Users can upgrade to OpenWrt versions 24.10.6 or 25.12.1 to address this vulnerability.

Added: Mar 19, 2026, 10:54 PM
Updated: Mar 19, 2026, 10:54 PM

Vulnerability Rating

Custom Algorithm

spread: 6.8
impact: 2.5
exploitability: 4.4
remediation: 7.7
relevance: 4.1
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.