CVE-2024-53427

CVE-2024-53427

Name

CVE-2024-53427

Description

decNumberCopy in decNumber.c in jq through 1.7.1 does not properly consider that NaN is interpreted as numeric, which has a resultant stack-based buffer overflow and out-of-bounds write, as demonstrated by use of --slurp with subtraction, such as a filter of .-. when the input has a certain form of digit string with NaN (e.g., "1 NaN123" immediately followed by many more digits).

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
cve@mitre.org	https://github.com/jqlang/jq/issues/3196
cve@mitre.org	https://gist.github.com/Ekkosun/a83870ce7f3b7813b9b462a395e8ad92
cve@mitre.org	https://github.com/jqlang/jq/blob/71c2ab509a8628dbbad4bc7b3f98a64aa90d3297/src/decNumber/decNumber.c#L3375
cve@mitre.org	https://github.com/jqlang/jq/issues/3296
cve@mitre.org	https://github.com/jqlang/jq/security/advisories/GHSA-x6c3-qv5r-7q22

Type

URI

cve@mitre.org

https://github.com/jqlang/jq/issues/3196

cve@mitre.org

https://gist.github.com/Ekkosun/a83870ce7f3b7813b9b462a395e8ad92

cve@mitre.org

https://github.com/jqlang/jq/blob/71c2ab509a8628dbbad4bc7b3f98a64aa90d3297/src/decNumber/decNumber.c#L3375

cve@mitre.org

https://github.com/jqlang/jq/issues/3296

cve@mitre.org

https://github.com/jqlang/jq/security/advisories/GHSA-x6c3-qv5r-7q22

CPE URI	Source package	Min version	Max version
	jq	>= 0	<= 1.7.1
`cpe:2.3:a:jqlang:jq::::::::`	jq	>= None	<= 1.7.1

CPE URI

Source package

Min version

Max version

>= 0

<= 1.7.1

cpe:2.3:a:jqlang:jq:*:*:*:*:*:*:*:*

>= None

<= 1.7.1

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
jq	edge-main	1.8.0-r0	Patrycja Rosa <alpine@ptrcnull.me>	fixed
jq	edge-main	1.7.1-r0	Patrycja Rosa <alpine@ptrcnull.me>	possibly vulnerable
jq	edge-main	1.6_rc1-r0	None	possibly vulnerable
jq	3.22-main	1.8.0-r0	Patrycja Rosa <alpine@ptrcnull.me>	fixed
jq	3.22-main	1.7.1-r0	None	possibly vulnerable
jq	3.22-main	1.6_rc1-r0	None	possibly vulnerable
jq	3.21-main	1.7.1-r0	Patrycja Rosa <alpine@ptrcnull.me>	possibly vulnerable
jq	3.21-main	1.6_rc1-r0	None	possibly vulnerable
jq	3.20-main	1.7.1-r0	Patrycja Rosa <alpine@ptrcnull.me>	possibly vulnerable
jq	3.20-main	1.6_rc1-r0	None	possibly vulnerable
jq	3.19-main	1.7.1-r0	Patrycja Rosa <alpine@ptrcnull.me>	possibly vulnerable
jq	3.19-main	1.6_rc1-r0	None	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

edge-main

1.8.0-r0

Patrycja Rosa <alpine@ptrcnull.me>

fixed

edge-main

1.7.1-r0

Patrycja Rosa <alpine@ptrcnull.me>