CVE-2024-53427Type Confusion in JQ

CWE-843Type ConfusionCWE-121Stack-based Buffer Overflow9 documents8 sources
Severity
8.1HIGHNVD
OSV6.5
EPSS
0.2%
top 52.16%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Jqlang JQ
Timeline
PublishedFeb 26
Latest updateJul 21

Description

decNumberCopy in decNumber.c in jq through 1.7.1 does not properly consider that NaN is interpreted as numeric, which has a resultant stack-based buffer overflow and out-of-bounds write, as demonstrated by use of --slurp with subtraction, such as a filter of .-. when the input has a certain form of digit string with NaN (e.g., "1 NaN123" immediately followed by many more digits).

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:HExploitability: 1.4 | Impact: 6.0

Affected Packages4 packages

Debianjqlang/jq< 1.7.1-5+1
Ubuntujqlang/jq< 1.6-2.1ubuntu3.1+1
CVEListV5jqlang/jq1.7.1
NVDjqlang/jq1.7.1

🔴Vulnerability Details

4
OSV
jq vulnerabilities2025-07-21
OSV
CVE-2024-53427: decNumberCopy in decNumber2025-02-26
CVEList
CVE-2024-53427: decNumberCopy in decNumber2025-02-26
GHSA
GHSA-8mxc-vqrq-gcm8: jq v12025-02-26

📋Vendor Advisories

4
Ubuntu
jq vulnerabilities2025-07-21
Red Hat
jq: stack-buffer-overflow in the decNumberCopy function in decNumber.c2025-02-26
Microsoft
decNumberCopy in decNumber.c in jq through 1.7.1 does not properly consider that NaN is interpreted as numeric, which has a resultant stack-based buffer overflow and out-of-bounds write, as demonstrat2025-02-11
Debian
CVE-2024-53427: jq - decNumberCopy in decNumber.c in jq through 1.7.1 does not properly consider that...2024
CVE-2024-53427 — Type Confusion in Jqlang JQ | cvebase