Jqlang ≫ Jq

14 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.

8.1

CVE-2024-53427

Exploit

EPSS 0.25%
Veröffentlicht 26.02.2025 16:15:16
Zuletzt bearbeitet 01.07.2025 21:25:24

decNumberCopy in decNumber.c in jq through 1.7.1 does not properly consider that NaN is interpreted as numeric, which has a resultant stack-based buffer overflow and out-of-bounds write, as demonstrated by use of --slurp with subtraction, such as a f...

5.5

CVE-2023-50268

Exploit

EPSS 0.1%
Veröffentlicht 13.12.2023 21:15:09
Zuletzt bearbeitet 21.11.2024 08:36:47

jq is a command-line JSON processor. Version 1.7 is vulnerable to stack-based buffer overflow in builds using decNumber. Version 1.7.1 contains a patch for this issue.

5.5

CVE-2023-50246

Exploit

EPSS 0.26%
Veröffentlicht 13.12.2023 21:15:08
Zuletzt bearbeitet 25.04.2025 18:54:24

jq is a command-line JSON processor. Version 1.7 is vulnerable to heap-based buffer overflow. Version 1.7.1 contains a patch for this issue.

7.5

CVE-2023-49355

Exploit

EPSS 0.11%
Veröffentlicht 11.12.2023 07:15:07
Zuletzt bearbeitet 21.11.2024 08:33:17

decToString in decNumber/decNumber.c in jq 88f01a7 has a one-byte out-of-bounds write via the " []-1.2e-1111111111" input. NOTE: this is not the same as CVE-2023-50246. The CVE-2023-50246 71c2ab5 reference mentions -10E-1000010001, which is not in no...

<12

Team-orientierte Vulnerability Management Plattform

Features der Plattform

Jqlang ≫ Jq

CVE-2024-53427

CVE-2023-50268

CVE-2023-50246

CVE-2023-49355