19 matches found

Cvelist
added 2026/05/11 5:20 p.m. · 43 views

CVE-2026-43894 jq: Wild stack write via signed-integer overflow in decNumber D2U() macro

jq is a command-line JSON processor. In 1.8.1 and earlier, when decNumberFromString is given a number literal of INT_MAX-1 (2147483646) digits, the D2U macro overflows during signed-int arithmetic. The wrapped negative value bypasses the heap-allocation size check, causes the function to use a 30-by...

CVSS 6.2 · EPSS 0.00158
Exploits: 1 · References: 1

RedhatCVE
added 2026/01/09 12:36 p.m. · 10 views

CVE-2023-49355

decToString in decNumber/decNumber.c in jq 88f01a7 has a one-byte out-of-bounds write via the " -1.2e-1111111111" input. NOTE: this is not the same as CVE-2023-50246. The CVE-2023-50246 71c2ab5 reference mentions -10E-1000010001, which is not in normalized scientific notation...

CVSS 7.5 · AI score 6.8 · EPSS 0.0117
Exploits: 2 · References: 1

Microsoft CVE
added 2025/09/04 2:53 a.m. · 5 views

decToString in decNumber/decNumber.c in jq 88f01a7 has a one-byte out-of-bounds write via the " []-1.2e-1111111111" input. NOTE: this is not the same as CVE-2023-50246. The CVE-2023-50246 71c2ab5 reference mentions -10E-1000010001, which is not in normalized scientific notation.

...

CVSS 7.5 · AI score 6.6 · EPSS 0.0117
Exploits: 2

BDU FSTEC
added 2024/04/09 12:0 a.m. · 3 views

The vulnerability of the jq programming language lies in its ability to write data beyond the buffer boundaries in memory, which allows attackers to trigger a service failure.

The vulnerability of the JQ programming language lies in the overflow of the stack buffer in distributions that use decNumber. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVSS 5.5 · AI score 6.3 · EPSS 0.00444
Exploits: 1 · References: 6 · Affected Software: 2

SUSE CVE
added 2023/12/15 2:5 a.m. · 2 views

SUSE CVE-2023-50268

jq is a command-line JSON processor. Version 1.7 is vulnerable to stack-based buffer overflow in builds using decNumber. Version 1.7.1 contains a patch for this issue...

CVSS 6.2 · AI score 7.5 · EPSS 0.00444
Exploits: 1 · References: 3

NVD
added 2023/12/13 9:15 p.m. · 16 views

CVE-2023-50268

jq is a command-line JSON processor. Version 1.7 is vulnerable to stack-based buffer overflow in builds using decNumber. Version 1.7.1 contains a patch for this issue...

CVSS 6.2 · EPSS 0.00444
Exploits: 1 · References: 5

OSV
added 2023/12/13 9:15 p.m. · 1 views

DEBIAN-CVE-2023-50268

jq is a command-line JSON processor. Version 1.7 is vulnerable to stack-based buffer overflow in builds using decNumber. Version 1.7.1 contains a patch for this issue...

CVSS 5.5 · AI score 6.2 · EPSS 0.00444
Exploits: 1 · References: 1

OSV
added 2023/12/13 9:15 p.m. · 1 views

ALPINE-CVE-2023-50268

jq is a command-line JSON processor. Version 1.7 is vulnerable to stack-based buffer overflow in builds using decNumber. Version 1.7.1 contains a patch for this issue...

CVSS 5.5 · AI score 7.4 · EPSS 0.00444
Exploits: 1 · References: 1

UbuntuCve
added 2023/12/13 9:15 p.m. · 18 views

CVE-2023-50268

jq is a command-line JSON processor. Version 1.7 is vulnerable to stack-based buffer overflow in builds using decNumber. Version 1.7.1 contains a patch for this issue...

CVSS 6.2 · AI score 6.6 · EPSS 0.00444
Exploits: 1 · References: 5

OSV
added 2023/12/13 9:15 p.m. · 0 views

UBUNTU-CVE-2023-50268

jq is a command-line JSON processor. Version 1.7 is vulnerable to stack-based buffer overflow in builds using decNumber. Version 1.7.1 contains a patch for this issue...

CVSS 6.2 · AI score 6.2 · EPSS 0.00444
Exploits: 1 · References: 6

OSV
added 2023/12/13 8:49 p.m. · 29 views

CVE-2023-50268 jq has stack-based buffer overflow in decNaNs

jq is a command-line JSON processor. Version 1.7 is vulnerable to stack-based buffer overflow in builds using decNumber. Version 1.7.1 contains a patch for this issue...

CVSS 6.2 · AI score 6.2 · EPSS 0.00444
Exploits: 1 · References: 7

CNNVD
added 2023/12/13 12:0 a.m. · 1 views

jq Security Vulnerabilities

jq is a lightweight and flexible open-source command-line JSON processor from jqlang. A security vulnerability exists in jq version 1.7 that stems from the use of decNumber builds vulnerable to stack-based buffer overflows...

CVSS 6.2 · AI score 7 · EPSS 0.00444
Exploits: 1 · References: 5

CNNVD
added 2023/12/13 12:0 a.m. · 4 views

jq Security Vulnerabilities

jq is a lightweight and flexible open-source command-line JSON processor from jqlang. A security vulnerability exists in jq version 1.7, which stems from the function decToString in decNumber.c being susceptible to a heap-based buffer overflow...

CVSS 6.2 · AI score 7.2 · EPSS 0.00514
Exploits: 1 · References: 4

OSV
added 2023/12/11 7:15 a.m. · 3 views

DEBIAN-CVE-2023-49355

decToString in decNumber/decNumber.c in jq 88f01a7 has a one-byte out-of-bounds write via the " -1.2e-1111111111" input. NOTE: this is not the same as CVE-2023-50246. The CVE-2023-50246 71c2ab5 reference mentions -10E-1000010001, which is not in normalized scientific notation...

CVSS 7.5 · AI score 7.3 · EPSS 0.0117
Exploits: 1 · References: 1

ATTACKERKB
added 2023/12/11 7:15 a.m. · 2 views

CVE-2023-49355

decToString in decNumber/decNumber.c in jq 88f01a7 has a one-byte out-of-bounds write via the " -1.2e-1111111111" input. NOTE: this is not the same as CVE-2023-50246. The CVE-2023-50246 71c2ab5 reference mentions -10E-1000010001, which is not in normalized scientific notation...

CVSS 7.5 · AI score 5.8 · EPSS 0.0117
Exploits: 2 · References: 4

OSV
added 2023/12/11 7:15 a.m. · 7 views

CVE-2023-49355

decToString in decNumber/decNumber.c in jq 88f01a7 has a one-byte out-of-bounds write via the " -1.2e-1111111111" input. NOTE: this is not the same as CVE-2023-50246. The CVE-2023-50246 71c2ab5 reference mentions -10E-1000010001, which is not in normalized scientific notation...

CVSS 7.5 · AI score 6.3 · EPSS 0.0117
Exploits: 1 · References: 3

Prion
added 2023/12/11 7:15 a.m. · 22 views

Out-of-bounds

decToString in decNumber/decNumber.c in jq 88f01a7 has a one-byte out-of-bounds write via the " -1.2e-1111111111" input. NOTE: this is not the same as CVE-2023-50246. The CVE-2023-50246 71c2ab5 reference mentions -10E-1000010001, which is not in normalized scientific notation...

CVSS 5 · AI score 5.5 · EPSS 0.0117
Exploits: 2 · References: 3 · Affected Software: 1

CNNVD
added 2023/12/11 12:0 a.m. · 3 views

jq buffer error vulnerability

jq is a lightweight and flexible open-source command-line JSON processor from jqlang. A buffer error vulnerability exists in jq v1.7-37 88f01a7 that allows an attacker to cause a denial of service via the decToString function in decNumber.c. The vulnerability is caused by a bug in j...

CVSS 7.5 · AI score 6.8 · EPSS 0.0117
Exploits: 1 · References: 4

Positive Technologies
added 2023/12/10 12:0 a.m. · 5 views

PT-2023-31180 · Jq · Jq

Name of the Vulnerable Software and Affected Versions: jq version 88f01a7
Description: The issue is related to a one-byte out-of-bounds write in the decToString function in decNumber/decNumber.c. This occurs when the input " -1.2e-1111111111" is processed.
Recommendations: For jq version 88f01a7,...

CVSS 7.5 · AI score 6.6 · EPSS 0.0117
Exploits: 1 · References: 14