Veracode Vulnerability Database VERACODE:44678
Dec 14, 2023 - 8:52 a.m.

Heap-based Buffer Overflow

2023-12-14 08:52:39
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
vulnerability
buffer overflow
decnumbertostring
memory allocation
software

CVSS3: 6.2 Medium

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score: 7.6 High (Confidence: High)

EPSS: 0.0004 Low (Percentile: 5.1%)

libjq.so is vulnerable to a heap-based buffer overflow. The vulnerability is caused by allocating too small a buffer for the call to the decNumberToString function. decNumberToString requires a buffer that can hold a string of digits+14 characters, not a buffer of size digits+14: one extra byte is needed at the end, after the 14. Because no memory is allocated for that extra NULL byte, the write overflows the buffer.
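The sizing error described above, as an added example that is not code from jq, decNumber or this advisory. `model_to_string` is a hypothetical stand-in for decNumberToString that builds a constructed worst-case string of exactly digits+14 characters and, unlike the real call, takes a capacity and refuses to write when the terminator would not fit.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Allocation as described in the advisory: room for the characters only. */
static size_t size_without_nul(int digits) { return (size_t)digits + 14; }
/* Corrected allocation: the same characters plus the terminating NUL. */
static size_t size_with_nul(int digits) { return (size_t)digits + 14 + 1; }

/* Hypothetical stand-in for decNumberToString (not the library routine).
 * Builds a constructed worst case of exactly digits+14 characters:
 * '-', "d.ddd" (digits + 1 chars), 'E', '-', 10 exponent digits.
 * Returns the string length, or -1 if cap cannot hold string + NUL. */
static int model_to_string(int digits, char *buf, size_t cap) {
    size_t len = (size_t)digits + 14;           /* characters, NUL excluded */
    if (digits < 2 || cap < len + 1) return -1; /* the check the caller lacked */
    char *p = buf;
    *p++ = '-';
    *p++ = '9';
    *p++ = '.';
    memset(p, '9', (size_t)digits - 1);
    p += digits - 1;
    snprintf(p, cap - (size_t)(p - buf), "E-%010d", 1);
    return (int)strlen(buf);
}

/* Allocate cap bytes and format into them; returns length or -1. */
static int format_with_capacity(int digits, size_t cap) {
    char *buf = malloc(cap);
    if (!buf) return -1;
    int n = model_to_string(digits, buf, cap);
    free(buf);
    return n;
}

int main(void) {
    int digits = 17; /* constructed sample precision */
    printf("digits+14 buffer: %d\n",
           format_with_capacity(digits, size_without_nul(digits)));
    printf("digits+15 buffer: %d\n",
           format_with_capacity(digits, size_with_nul(digits)));
    return 0;
}
```

With a digits+14 allocation the model rejects the write; an unchecked formatter given the same buffer would place the terminator one byte past the end of the heap block.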
