CVE-2023-50268

Name
CVE-2023-50268
Description
jq is a command-line JSON processor. Version 1.7 is vulnerable to stack-based buffer overflow in builds using decNumber. Version 1.7.1 contains a patch for this issue.
NVD Severity
unknown
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
security-advisories@github.com https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64771
security-advisories@github.com https://github.com/jqlang/jq/commit/c9a51565214eece8f1053089739aea73145bfd6b
security-advisories@github.com https://github.com/jqlang/jq/pull/2804
security-advisories@github.com https://github.com/jqlang/jq/security/advisories/GHSA-7hmr-442f-qc8j
security-advisories@github.com http://www.openwall.com/lists/oss-security/2023/12/15/10

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:jqlang:jq:1.7:*:*:*:*:*:*:* jq == None == 1.7

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
jq 3.19-main 1.7.1-r0 Patrycja Rosa <alpine@ptrcnull.me> fixed
jq edge-main 1.7.1-r0 Patrycja Rosa <alpine@ptrcnull.me> fixed