CVE-2024-53427

ADVISORY - nist

Summary

decNumberCopy in decNumber.c in jq through 1.7.1 does not properly consider that NaN is interpreted as numeric, which has a resultant stack-based buffer overflow and out-of-bounds write, as demonstrated by use of --slurp with subtraction, such as a filter of .-. when the input has a certain form of digit string with NaN (e.g., "1 NaN123" immediately followed by many more digits).

EPSS Score⁠: 0.00018 (0.035)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-843⁠

Access of Resource Using Incompatible Type ('Type Confusion')

ADVISORY - redhat

CWE-121⁠

Stack-based Buffer Overflow

Impacted images

Advisories

Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.