CVE-2023-50246

Published: 13/12/2023 Updated: 19/12/2023
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 0

Vulnerability Summary

jq is a command-line JSON processor. Version 1.7 is vulnerable to heap-based buffer overflow. Version 1.7.1 contains a patch for this issue.

Vulnerable Product

jqlang jq 1.7

Vendor Advisories

Debian Bug report logs - #1058763
jq: CVE-2023-50246 CVE-2023-50268
Package: src:jq; Maintainer for src:jq is ChangZhuo Chen (陳昌倬) <czchen@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Fri, 15 Dec 2023 19:57:01 UTC
Severity: important
Tags: security, upstream
Found in version jq/17- ...

Description: A heap-based buffer overflow vulnerability was found in the decToString() function in decNumber.c in the Jq project. This issue occurs when submitting malicious input to the application, leading to an application crash and causing a denial of service.