CVE-2023-50246
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2023-50246
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-50246.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2023-50246
- Aliases
-
- GHSA-686w-5m7m-54vc
- Downstream
- Related
- Published
- 2023-12-13T20:43:50Z
- Modified
- 2025-10-22T18:40:58.561081Z
- Severity
-
- 6.2 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- jq has heap-buffer-overflow vulnerability in the function decToString in decNumber.c
- Details
-
jq is a command-line JSON processor. Version 1.7 is vulnerable to heap-based buffer overflow. Version 1.7.1 contains a patch for this issue.
- Database specific
{ "cwe_ids": [ "CWE-120", "CWE-122" ] }- References
Affected packages
Git / github.com/jqlang/jq
Affected ranges
- Type
- GIT
- Repo
- https://github.com/jqlang/jq
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
1.*
1.6rc2
jq-1.*
jq-1.0
jq-1.1
jq-1.2
jq-1.3
jq-1.4
jq-1.5rc1
jq-1.5rc2
jq-1.6
jq-1.6rc1
jq-1.7
jq-1.7rc1
jq-1.7rc2
Database specific
vanir_signatures
[
{
"source": "https://github.com/jqlang/jq/commit/71c2ab509a8628dbbad4bc7b3f98a64aa90d3297",
"id": "CVE-2023-50246-3a1c0ce4",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "src/jv.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"290417494101508184750408009799882806556",
"260357342676783968016454112326919417947",
"226374140861562014448004111780551132909",
"38258572163093176609235064461151454765"
]
},
"signature_type": "Line"
},
{
"source": "https://github.com/jqlang/jq/commit/71c2ab509a8628dbbad4bc7b3f98a64aa90d3297",
"id": "CVE-2023-50246-fe6c4298",
"deprecated": false,
"signature_version": "v1",
"target": {
"function": "jvp_literal_number_literal",
"file": "src/jv.c"
},
"digest": {
"length": 464.0,
"function_hash": "313161530875538920114687879794730925876"
},
"signature_type": "Function"
}
]