Описание
decNumberCopy in decNumber.c in jq through 1.7.1 does not properly consider that NaN is interpreted as numeric, which has a resultant stack-based buffer overflow and out-of-bounds write, as demonstrated by use of --slurp with subtraction, such as a filter of .-. when the input has a certain form of digit string with NaN (e.g., "1 NaN123" immediately followed by many more digits).
A flaw was discovered in the jq package. In affected versions, specially-crafted input may trigger an unsafe memory operation leading to a stack buffer overflow. This can cause an application crash or other unintended behavior.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Ceph Storage 4 | jq | Not affected | ||
| Red Hat Enterprise Linux 10 | jq | Fix deferred | ||
| Red Hat Enterprise Linux 8 | jq | Not affected | ||
| Red Hat Enterprise Linux 9 | jq | Not affected | ||
| Red Hat OpenShift Container Platform 4 | rhcos | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
5.3 Medium
CVSS3
Связанные уязвимости
decNumberCopy in decNumber.c in jq through 1.7.1 does not properly consider that NaN is interpreted as numeric, which has a resultant stack-based buffer overflow and out-of-bounds write, as demonstrated by use of --slurp with subtraction, such as a filter of .-. when the input has a certain form of digit string with NaN (e.g., "1 NaN123" immediately followed by many more digits).
decNumberCopy in decNumber.c in jq through 1.7.1 does not properly consider that NaN is interpreted as numeric, which has a resultant stack-based buffer overflow and out-of-bounds write, as demonstrated by use of --slurp with subtraction, such as a filter of .-. when the input has a certain form of digit string with NaN (e.g., "1 NaN123" immediately followed by many more digits).
decNumberCopy in decNumber.c in jq through 1.7.1 does not properly con ...
jq v1.7.1 contains a stack-buffer-overflow in the decNumberCopy function within decNumber.c.
EPSS
5.3 Medium
CVSS3