/
DirectorySecurity Advisories
Sign In
Security Advisories

CVE-2024-53427

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2024-53427

CGA ID

CGA-6vvv-rrc8-7352

Severity

Unknown

Description

decNumberCopy in decNumber.c in jq through 1.7.1 does not properly consider that NaN is interpreted as numeric, which has a resultant stack-based buffer overflow and out-of-bounds write, as demonstrated by use of --slurp with subtraction, such as a filter of .-. when the input has a certain form of digit string with NaN (e.g., "1 NaN123" immediately followed by many more digits).

References

Affected packages


Safe Source for Open Sourceâ„¢
Media KitContact Us
© 2025 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Products

Chainguard ContainersChainguard LibrariesChainguard VMs