Lucene search

GoogleOSV:CVE-2023-50268

HistoryDec 13, 2023 - 9:15 p.m.

CVE-2023-50268

2023-12-1321:15:09

Google

osv.dev

jq vulnerability stack-based buffer-overflow cjson processor decnumber build patch

6.2 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.0004 Low

EPSS

Percentile

5.1%

JSON

jq is a command-line JSON processor. Version 1.7 is vulnerable to stack-based buffer overflow in builds using decNumber. Version 1.7.1 contains a patch for this issue.

CPENameOperatorVersion
jqeq1.5-r4
jqeq1.6-r1
jqeq1.6-r3
jqeq1.7-r0
jqeq1.5-r5
jqeqjq-1.2
jqeq1.6_rc1-r1
jqeqjq-1.5rc2
jqeq1.7-r1
jqeqjq-1.3

Name	Operator	Version
jq	eq	1.5-r4
jq	eq	1.6-r1
jq	eq	1.6-r3
jq	eq	1.7-r0
jq	eq	1.5-r5
jq	eq	jq-1.2
jq	eq	1.6_rc1-r1
jq	eq	jq-1.5rc2
jq	eq	1.7-r1
jq	eq	jq-1.3

Rows per page:

1-10 of 301

References

www.openwall.com/lists/oss-security/2023/12/15/10

bugs.chromium.org/p/oss-fuzz/issues/detail?id=64771

github.com/jqlang/jq/commit/c9a51565214eece8f1053089739aea73145bfd6b

github.com/jqlang/jq/pull/2804

github.com/jqlang/jq/security/advisories/GHSA-7hmr-442f-qc8j

6.2 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for OSV:CVE-2023-50268