13 matches found
EUVD-2025-5310
Malicious code in bioql PyPI...
CVE-2024-53427
decNumberCopy in decNumber.c in jq through 1.7.1 does not properly consider that NaN is interpreted as numeric, which has a resultant stack-based buffer overflow and out-of-bounds write, as demonstrated by use of --slurp with subtraction, such as a filter of .-. when the input has a certain form ...
CVE-2024-53427
decNumberCopy in decNumber.c in jq through 1.7.1 does not properly consider that NaN is interpreted as numeric, which has a resultant stack-based buffer overflow and out-of-bounds write, as demonstrated by use of --slurp with subtraction, such as a filter of .-. when the input has a certain form ...
CVE-2024-53427
The CVE-2024-53427 issue in jq (through 1.7.1) arises from decNumberCopy in decNumber.c misinterpreting NaN as numeric, leading to a stack-based buffer overflow and out-of-bounds write. Demonstrated by using --slurp with subtraction on certain digit strings containing NaN (e.g., "1 NaN123" follow...
Buffer Overflow
libjq.so is vulnerable to Buffer Overflow. The vulnerability is due to improper bounds checking in the decToString function in decNumber.c. This could lead to Denial Of Service Attack...
CVE-2023-50246
A heap-based buffer overflow vulnerability was found in the decToString function in decNumber.c in the Jq project. This issue occurs when submitting malicious input to the application, leading to an application crash and causing a denial of service...
CVE-2023-50246 jq has heap-buffer-overflow vulnerability in the function decToString in decNumber.c
jq is a command-line JSON processor. Version 1.7 is vulnerable to heap-based buffer overflow. Version 1.7.1 contains a patch for this issue...
CVE-2023-49355
decToString in decNumber/decNumber.c in jq 88f01a7 has a one-byte out-of-bounds write via the " -1.2e-1111111111" input. NOTE: this is not the same as CVE-2023-50246. The CVE-2023-50246 71c2ab5 reference mentions -10E-1000010001, which is not in normalized scientific notation...
CVE-2023-49355
decToString in decNumber/decNumber.c in jq 88f01a7 has a one-byte out-of-bounds write via the " -1.2e-1111111111" input. NOTE: this is not the same as CVE-2023-50246. The CVE-2023-50246 71c2ab5 reference mentions -10E-1000010001, which is not in normalized scientific notation...
CVE-2023-49355
The CVE-2023-49355 entry concerns jq (commit 88f01a7) with a vulnerability in decToString in decNumber/decNumber.c where a one-byte out-of-bounds write occurs from input like []-1.2e-1111111111. This is tied to the decNumber path and affects the jq code path processing numeric literals. The provi...
CVE-2023-49355
decToString in decNumber/decNumber.c in jq 88f01a7 has a one-byte out-of-bounds write via the " -1.2e-1111111111" input. NOTE: this is not the same as CVE-2023-50246. The CVE-2023-50246 71c2ab5 reference mentions -10E-1000010001, which is not in normalized scientific notation...
CVE-2023-49355
decToString in decNumber/decNumber.c in jq 88f01a7 has a one-byte out-of-bounds write via the " -1.2e-1111111111" input. NOTE: this is not the same as CVE-2023-50246. The CVE-2023-50246 71c2ab5 reference mentions -10E-1000010001, which is not in normalized scientific notation...
CVE-2023-49355
decToString in decNumber/decNumber.c in jq 88f01a7 has a one-byte out-of-bounds write via the " -1.2e-1111111111" input. NOTE: this is not the same as CVE-2023-50246. The CVE-2023-50246 71c2ab5 reference mentions -10E-1000010001, which is not in normalized scientific notation...