Vulnerability Details : CVE-2024-53427
decNumberCopy in decNumber.c in jq through 1.7.1 does not properly consider that NaN is interpreted as numeric, which has a resultant stack-based buffer overflow and out-of-bounds write, as demonstrated by use of --slurp with subtraction, such as a filter of .-. when the input has a certain form of digit string with NaN (e.g., "1 NaN123" immediately followed by many more digits).
Vulnerability category: Overflow
Products affected by CVE-2024-53427
Exploit prediction scoring system (EPSS) score for CVE-2024-53427
0.01%
Probability of exploitation activity in the next 30 days
CVSS scores for CVE-2024-53427
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
8.1 | HIGH | CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H | 1.4 | 6.0 | MITRE | 2025-03-02
CWE ids for CVE-2024-53427
- The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type. Assigned by: cve@mitre.org (Secondary)
References for CVE-2024-53427
- https://github.com/jqlang/jq/security/advisories/GHSA-x6c3-qv5r-7q22
- https://github.com/jqlang/jq/issues/3196 (Stack-buffer-overflow in decNumberCopy Function in jq 1.7.1 · Issue #3196 · jqlang/jq)
- https://github.com/jqlang/jq/issues/3296
- https://gist.github.com/Ekkosun/a83870ce7f3b7813b9b462a395e8ad92 (OPTFuzz · GitHub)
- https://github.com/jqlang/jq/blob/71c2ab509a8628dbbad4bc7b3f98a64aa90d3297/src/decNumber/decNumber.c#L3375 (jq/src/decNumber/decNumber.c at 71c2ab509a8628dbbad4bc7b3f98a64aa90d3297 · jqlang/jq · GitHub)