CVE-2023-50246

Name
CVE-2023-50246
Description
jq is a command-line JSON processor. Version 1.7 is vulnerable to heap-based buffer overflow. Version 1.7.1 contains a patch for this issue.
NVD Severity
unknown
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
security-advisories@github.com https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64574
security-advisories@github.com https://github.com/jqlang/jq/commit/71c2ab509a8628dbbad4bc7b3f98a64aa90d3297
security-advisories@github.com https://github.com/jqlang/jq/security/advisories/GHSA-686w-5m7m-54vc
security-advisories@github.com http://www.openwall.com/lists/oss-security/2023/12/15/10

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:jqlang:jq:1.7:*:*:*:*:*:*:* jq == None == 1.7

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
jq edge-main 1.7.1-r0 Patrycja Rosa <alpine@ptrcnull.me> fixed
jq 3.22-main 1.7.1-r0 None fixed
jq 3.19-main 1.7.1-r0 Patrycja Rosa <alpine@ptrcnull.me> fixed