Vulnerabilities > CVE-2023-49355 - Out-of-bounds Write vulnerability in Jqlang JQ 1.737G88F01A7
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
decToString in decNumber/decNumber.c in jq 88f01a7 has a one-byte out-of-bounds write via the " []-1.2e-1111111111" input. NOTE: this is not the same as CVE-2023-50246. The CVE-2023-50246 71c2ab5 reference mentions -10E-1000010001, which is not in normalized scientific notation.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |