Lucene search
HistoryDec 13, 2023 - 9:15 p.m.
CVE-2023-50246
json processor
vulnerability
patched
heap-based
buffer overflow
CVSS3
5.5
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS
0
Percentile
5.1%
jq is a command-line JSON processor. Version 1.7 is vulnerable to heap-based buffer overflow. Version 1.7.1 contains a patch for this issue.
Affected configurations
Node
jqlangjqMatch1.7
Related
prion
prion
Heap overflow
2023-12-13 21:15:00
Out-of-bounds
2023-12-11 07:15:00
alpinelinux
alpinelinux
CVE-2023-50246
2023-12-13 21:15:08
cve
cve
CVE-2023-50246
2023-12-13 21:15:08
CVE-2023-49355
2023-12-11 07:15:07
ubuntucve
ubuntucve
CVE-2023-50246
2023-12-13 00:00:00
CVE-2023-49355
2023-12-11 00:00:00
debiancve
debiancve
CVE-2023-50246
2023-12-13 21:15:08
CVE-2023-49355
2023-12-11 07:15:07
redhatcve
redhatcve
CVE-2023-50246
2023-12-14 06:59:07
veracode
veracode
Heap-based Buffer Overflow
2023-12-14 08:52:39
cvelist
cvelist
CVE-2023-50246 jq has heap-buffer-overflow vulnerability in the function decToString in decNumber.c
2023-12-13 20:43:50
CVE-2023-49355
2023-12-11 00:00:00
osv
osv
CVE-2023-50246
2023-12-13 21:15:08
jq-1.7.1-1.1 on GA media
2024-06-15 00:00:00
nvd
nvd
CVE-2023-49355
2023-12-11 07:15:07
redos
redos
ROS-20240408-14
2024-04-08 00:00:00
CVSS3
5.5
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS
0
Percentile
5.1%
Related for NVD:CVE-2023-50246