References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Change History

https://github.com/jqlang/jq/issues/3296

https://github.com/jqlang/jq/security/advisories/GHSA-x6c3-qv5r-7q22

jq v1.7.1 contains a stack-buffer-overflow in the decNumberCopy function within decNumber.c.

decNumberCopy in decNumber.c in jq through 1.7.1 does not properly consider that NaN is interpreted as numeric, which has a resultant stack-based buffer overflow and out-of-bounds write, as demonstrated by use of --slurp with subtraction, such as a filter of .-. when the input has a certain form of digit string with NaN (e.g., "1 NaN123" immediately followed by many more digits).

AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE-843

https://gist.github.com/Ekkosun/a83870ce7f3b7813b9b462a395e8ad92

https://github.com/jqlang/jq/blob/71c2ab509a8628dbbad4bc7b3f98a64aa90d3297/src/decNumber/decNumber.c#L3375

jq v1.7.1 contains a stack-buffer-overflow in the decNumberCopy function within decNumber.c.

https://github.com/jqlang/jq/issues/3196