Executive Summary

Informations
Name CVE-2024-53427 First vendor Publication 2025-02-26
Vendor Cve Last vendor Modification 2025-07-01

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score N/A Attack Range N/A
Cvss Impact Score N/A Attack Complexity N/A
Cvss Expoit Score N/A Authentication N/A
Calculate full CVSS 2.0 Vectors scores

Detail

decNumberCopy in decNumber.c in jq through 1.7.1 does not properly consider that NaN is interpreted as numeric, which has a resultant stack-based buffer overflow and out-of-bounds write, as demonstrated by use of --slurp with subtraction, such as a filter of .-. when the input has a certain form of digit string with NaN (e.g., "1 NaN123" immediately followed by many more digits).

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53427

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 4

Sources (Detail)

https://gist.github.com/Ekkosun/a83870ce7f3b7813b9b462a395e8ad92
https://github.com/jqlang/jq/blob/71c2ab509a8628dbbad4bc7b3f98a64aa90d3297/sr...
https://github.com/jqlang/jq/issues/3196
https://github.com/jqlang/jq/issues/3296
https://github.com/jqlang/jq/security/advisories/GHSA-x6c3-qv5r-7q22
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
2
3
Date Informations
2025-07-02 00:21:43
  • Multiple Updates
2025-03-29 00:20:54
  • Multiple Updates
2025-03-02 09:20:29
  • Multiple Updates
2025-02-26 21:20:30
  • First insertion