CVE-2023-49355

Published
View on NVD ↗
CVSS v3
7.5
HIGH
CVSS v2
N/A
Affected
2
PROJECTS

Description

decToString in decNumber/decNumber.c in jq 88f01a7 has a one-byte out-of-bounds write via the " []-1.2e-1111111111" input. NOTE: this is not the same as CVE-2023-50246. The CVE-2023-50246 71c2ab5 reference mentions -10E-1000010001, which is not in normalized scientific notation.

jqlang/jq
jqlang/jq
Command-line JSON processor
GitHubGitHub
34.9K
linzc21/bug-reports
linzc21/bug-reports
Reproduction processes and POCs of the vulnerability found by me.
GitHubGitHub