15 matches found
Azure Linux 3.0 Security Update: jq (CVE-2024-53427)
The version of jq installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-53427 advisory. - decNumberCopy in decNumber.c in jq through 1.7.1 does not properly consider that NaN is interpreted as numeric,...
Advisory ROSA-SA-2025-2981
software: jq 1.8.1 OS: ROSA-CHROME unaffected versions = jq-1.8.1-1 affected versions jq-1.8.1-1 CVE-ID: CVE-2024-53427 BDU-ID: 2025-06690 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the decNumberCopy function of the jq functional programming language is related to accessing a resource via...
Linux Distros Unpatched Vulnerability : CVE-2024-53427
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - decNumberCopy in decNumber.c in jq through 1.7.1 does not properly consider that NaN is interpreted as numeric, which has a resultant stack-based buffer overflo...
SUSE-SU-2025:20591-1 Security update for jq
This update for jq fixes the following issues: - CVE-2025-48060: Fixed stack-buffer-overflow in jqfuzzexecute jvstringvfmt bsc1244116 - CVE-2024-23337: Fixed signed integer overflow in jv.c:jvparraywrite bsc1243450 - CVE-2024-53427: Fixed stack-buffer-overflow in the decNumberCopy function in...
Security update for jq
This update for jq fixes the following issues: CVE-2025-48060: Fixed stack-buffer-overflow in jqfuzzexecute jvstringvfmt bsc1244116 CVE-2024-23337: Fixed signed integer overflow in jv.c:jvparraywrite bsc1243450 CVE-2024-53427: Fixed stack-buffer-overflow in the decNumberCopy function in decNumber...
decNumberCopy in decNumber.c in jq through 1.7.1 does not properly consider that NaN is interpreted as numeric, which has a resultant stack-based buffer overflow and out-of-bounds write, as demonstrated by use of --slurp with subtraction, such as a filter of .-. when the input has a certain form of digit string with NaN (e.g., "1 NaN123" immediately followed by many more digits).
...
SUSE CVE-2024-53427
decNumberCopy in decNumber.c in jq through 1.7.1 does not properly consider that NaN is interpreted as numeric, which has a resultant stack-based buffer overflow and out-of-bounds write, as demonstrated by use of --slurp with subtraction, such as a filter of .-. when the input has a certain form ...
CVE-2024-53427
decNumberCopy in decNumber.c in jq through 1.7.1 does not properly consider that NaN is interpreted as numeric, which has a resultant stack-based buffer overflow and out-of-bounds write, as demonstrated by use of --slurp with subtraction, such as a filter of .-. when the input has a certain form ...
ALPINE-CVE-2024-53427
decNumberCopy in decNumber.c in jq through 1.7.1 does not properly consider that NaN is interpreted as numeric, which has a resultant stack-based buffer overflow and out-of-bounds write, as demonstrated by use of --slurp with subtraction, such as a filter of .-. when the input has a certain form ...
CVE-2024-53427
decNumberCopy in decNumber.c in jq through 1.7.1 does not properly consider that NaN is interpreted as numeric, which has a resultant stack-based buffer overflow and out-of-bounds write, as demonstrated by use of --slurp with subtraction, such as a filter of .-. when the input has a certain form ...
CVE-2024-53427
decNumberCopy in decNumber.c in jq through 1.7.1 does not properly consider that NaN is interpreted as numeric, which has a resultant stack-based buffer overflow and out-of-bounds write, as demonstrated by use of --slurp with subtraction, such as a filter of .-. when the input has a certain form ...
CVE-2024-53427
The CVE-2024-53427 issue in jq (through 1.7.1) arises from decNumberCopy in decNumber.c misinterpreting NaN as numeric, leading to a stack-based buffer overflow and out-of-bounds write. Demonstrated by using --slurp with subtraction on certain digit strings containing NaN (e.g., "1 NaN123" follow...
PT-2025-8729
Name of the Vulnerable Software and Affected Versions jq version 1.7.1 Description The issue is related to a stack-buffer-overflow in the decNumberCopy function within decNumber.c. Recommendations For jq version 1.7.1, at the moment, there is no information about a newer version that contains a f...
jq 安全漏洞
jq is a lightweight and flexible command-line JSON processor from jqlang open source. A security vulnerability exists in jq v1.7.1, which stems from a stack buffer overflow in the decNumberCopy function...
CVE-2024-53427
decNumberCopy in decNumber.c in jq through 1.7.1 does not properly consider that NaN is interpreted as numeric, which has a resultant stack-based buffer overflow and out-of-bounds write, as demonstrated by use of --slurp with subtraction, such as a filter of .-. when the input has a certain form ...