Count: 7

Vulnerability | CVSS | EPSS | Published |
---|---|---|---|
CVE-2024-53427: decNumberCopy in decNumber.c in jq through 1.7.1 does not properly consider that NaN is interpreted as numeric, which has a resultant stack-based buffer overflow and out-of-bounds write, as demonstrated by use of --slurp with subtraction, such as a filter of .-. when the input has a certain form of digit string with NaN (e.g., "1 NaN123" immediately followed by many more digits). | CVSS3: 8.1 | 0% Low | 4 months ago |
CVE-2024-53427: decNumberCopy in decNumber.c in jq through 1.7.1 does not properly consider that NaN is interpreted as numeric, which has a resultant stack-based buffer overflow and out-of-bounds write, as demonstrated by use of --slurp with subtraction, such as a filter of .-. when the input has a certain form of digit string with NaN (e.g., "1 NaN123" immediately followed by many more digits). | CVSS3: 5.3 | 0% Low | 4 months ago |
CVE-2024-53427: decNumberCopy in decNumber.c in jq through 1.7.1 does not properly consider that NaN is interpreted as numeric, which has a resultant stack-based buffer overflow and out-of-bounds write, as demonstrated by use of --slurp with subtraction, such as a filter of .-. when the input has a certain form of digit string with NaN (e.g., "1 NaN123" immediately followed by many more digits). | CVSS3: 8.1 | 0% Low | 4 months ago |
CVE-2024-53427 | CVSS3: 8.1 | 0% Low | 3 months ago |
CVE-2024-53427: decNumberCopy in decNumber.c in jq through 1.7.1 does not properly con ... | CVSS3: 8.1 | 0% Low | 4 months ago |
GHSA-8mxc-vqrq-gcm8: jq v1.7.1 contains a stack-buffer-overflow in the decNumberCopy function within decNumber.c. | CVSS3: 8.1 | 0% Low | 4 months ago |
BDU:2025-06690: Vulnerability in the decNumberCopy function of the jq functional programming language, related to access of a resource using an incompatible type, allowing an attacker to cause a denial of service | CVSS3: 8.1 | 0% Low | 4 months ago |