VDB
CVE-2023-50268
CVE-2023-50268
PUBLISHED
CVSS 6.199999809265137 MEDIUM
jq is a command-line JSON processor. Version 1.7 is vulnerable to stack-based buffer overflow in builds using decNumber. Version 1.7.1 contains a patch for this issue.
EPSS 0.10% · 27.9th percentile
Risk Scores
CVSS v3.1
6.199999809265137
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
0.10%
27.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| jqlang | jq | 1.7, *, = 1.7 |
Timeline
- Jan 20, 1970 Fix PR Merged
- Jan 21, 1970 Security Advisory
- Dec 13, 2023 CVE Published
- Dec 14, 2023 EPSS Score
- Dec 19, 2023 PoC Published
- Jan 10, 2024 PoC Published
- Jan 12, 2024 EPSS Score
- Feb 10, 2024 EPSS Score
- Mar 11, 2024 EPSS Score
- Apr 9, 2024 EPSS Score
- Apr 12, 2024 PoC Published
- May 8, 2024 EPSS Score
References
- https://github.com/jqlang/jq/security/advisories/GHSA-7hmr-442f-qc8j url
- https://github.com/jqlang/jq/pull/2804 url
- https://github.com/jqlang/jq/commit/c9a51565214eece8f1053089739aea73145bfd6b url
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64771 url
- http://www.openwall.com/lists/oss-security/2023/12/15/10 url