decToString in decNumber/decNumber.c in jq 88f01a7 has a one-byte out-of-bounds write via the " []-1.2e-1111111111" input. NOTE: this is not the same as CVE-2023-50246. The CVE-2023-50246 71c2ab5 reference mentions -10E-1000010001, which is not in normalized scientific notation.

...

CVE-2023-50246 jq has heap-buffer-overflow vulnerability in the function decToString in decNumber.c

jq is a command-line JSON processor. Version 1.7 is vulnerable to heap-based buffer overflow. Version 1.7.1 contains a patch for this issue...

jq Security Vulnerabilities

jq is jqlang open source a lightweight and flexible command line JSON processor . A security vulnerability exists in jq version 1.7, which stems from the function decToString in decNumber.c being susceptible to a heap-based buffer overflow...

SUSE CVE-2023-49355

decToString in decNumber/decNumber.c in jq 88f01a7 has a one-byte out-of-bounds write via the " -1.2e-1111111111" input. NOTE: this is not the same as CVE-2023-50246. The CVE-2023-50246 71c2ab5 reference mentions -10E-1000010001, which is not in normalized scientific notation...

CVE-2023-49355

decToString in decNumber/decNumber.c in jq 88f01a7 has a one-byte out-of-bounds write via the " -1.2e-1111111111" input. NOTE: this is not the same as CVE-2023-50246. The CVE-2023-50246 71c2ab5 reference mentions -10E-1000010001, which is not in normalized scientific notation...

CVE-2023-49355

decToString in decNumber/decNumber.c in jq 88f01a7 has a one-byte out-of-bounds write via the " -1.2e-1111111111" input. NOTE: this is not the same as CVE-2023-50246. The CVE-2023-50246 71c2ab5 reference mentions -10E-1000010001, which is not in normalized scientific notation...

UBUNTU-CVE-2023-49355

decToString in decNumber/decNumber.c in jq 88f01a7 has a one-byte out-of-bounds write via the " -1.2e-1111111111" input. NOTE: this is not the same as CVE-2023-50246. The CVE-2023-50246 71c2ab5 reference mentions -10E-1000010001, which is not in normalized scientific notation...

jq buffer error vulnerability

jq is jqlang open source a lightweight and flexible command-line JSON processor . A buffer error vulnerability exists in jq v1.7-37 88f01a7 that originates from allowing an attacker to cause a denial of service via the decToString function in decNumber.c. The vulnerability is caused by a bug in j...

CVE-2023-49355

decToString in decNumber/decNumber.c in jq 88f01a7 has a one-byte out-of-bounds write via the " -1.2e-1111111111" input. NOTE: this is not the same as CVE-2023-50246. The CVE-2023-50246 71c2ab5 reference mentions -10E-1000010001, which is not in normalized scientific notation...

PT-2023-31180 · Jq · Jq

Name of the Vulnerable Software and Affected Versions: jq version 88f01a7 Description: The issue is related to a one-byte out-of-bounds write in the decToString function in decNumber/decNumber.c. This occurs when the input " -1.2e-1111111111" is processed. Recommendations: For jq version 88f01a7,...

OSV-2023-1239 Heap-buffer-overflow in decToString

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64574 Crash type: Heap-buffer-overflow WRITE 1 Crash state: decToString decNumberToString jvnumbergetliteral...