CVE-2024-53427

decNumberCopy in decNumber.c in jq through 1.7.1 does not properly consider that NaN is interpreted as numeric, which has a resultant stack-based buffer overflow and out-of-bounds write, as demonstrated by use of --slurp with subtraction, such as a filter of .-. when the input has a certain form of digit string with NaN (e.g., "1 NaN123" immediately followed by many more digits).

Configurations

Configuration 1

cpe:2.3:a:jqlang:jq:*:*:*:*:*:*:*:*

History

01 Jul 2025, 21:25

Type Values Removed Values Added
References () https://gist.github.com/Ekkosun/a83870ce7f3b7813b9b462a395e8ad92 - () https://gist.github.com/Ekkosun/a83870ce7f3b7813b9b462a395e8ad92 - Third Party Advisory
References () https://github.com/jqlang/jq/blob/71c2ab509a8628dbbad4bc7b3f98a64aa90d3297/src/decNumber/decNumber.c#L3375 - () https://github.com/jqlang/jq/blob/71c2ab509a8628dbbad4bc7b3f98a64aa90d3297/src/decNumber/decNumber.c#L3375 - Product
References () https://github.com/jqlang/jq/issues/3196 - () https://github.com/jqlang/jq/issues/3196 - Exploit, Issue Tracking, Vendor Advisory
References () https://github.com/jqlang/jq/issues/3296 - () https://github.com/jqlang/jq/issues/3296 - Issue Tracking, Vendor Advisory
References () https://github.com/jqlang/jq/security/advisories/GHSA-x6c3-qv5r-7q22 - () https://github.com/jqlang/jq/security/advisories/GHSA-x6c3-qv5r-7q22 - Vendor Advisory
First Time Jqlang jq
Jqlang
CPE cpe:2.3:a:jqlang:jq:*:*:*:*:*:*:*:*

28 Mar 2025, 17:15

Type Values Removed Values Added
References
  • () https://github.com/jqlang/jq/issues/3296 -
  • () https://github.com/jqlang/jq/security/advisories/GHSA-x6c3-qv5r-7q22 -

02 Mar 2025, 02:15

Type Values Removed Values Added
CWE CWE-843
Summary
  • (es) jq v1.7.1 contains a stack buffer overflow in the decNumberCopy function within decNumber.c.
Summary
  • Removed: (en) jq v1.7.1 contains a stack-buffer-overflow in the decNumberCopy function within decNumber.c.
  • Added: (en) decNumberCopy in decNumber.c in jq through 1.7.1 does not properly consider that NaN is interpreted as numeric, which has a resultant stack-based buffer overflow and out-of-bounds write, as demonstrated by use of --slurp with subtraction, such as a filter of .-. when the input has a certain form of digit string with NaN (e.g., "1 NaN123" immediately followed by many more digits).
CVSS
  • Removed: v2 : unknown, v3 : unknown
  • Added: v2 : unknown, v3 : 8.1
References
  • () https://gist.github.com/Ekkosun/a83870ce7f3b7813b9b462a395e8ad92 -
  • () https://github.com/jqlang/jq/blob/71c2ab509a8628dbbad4bc7b3f98a64aa90d3297/src/decNumber/decNumber.c#L3375 -

26 Feb 2025, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-02-26 16:15

Updated : 2025-07-01 21:25


NVD link : CVE-2024-53427

Mitre link : CVE-2024-53427

CVE.ORG link : CVE-2024-53427


Products Affected

jqlang

  • jq

CWE
CWE-843

Access of Resource Using Incompatible Type ('Type Confusion')