CVE-2023-49355

HIGH Year: 2023
CVSS v3 Score
7.5
High
Weakness Type
CWE-787
View all →

Vulnerability Description

decToString in decNumber/decNumber.c in jq 88f01a7 has a one-byte out-of-bounds write via the " []-1.2e-1111111111" input. NOTE: this is not the same as CVE-2023-50246. The CVE-2023-50246 71c2ab5 reference mentions -10E-1000010001, which is not in normalized scientific notation.

Related Vulnerabilities

CVE-2006-20001

HIGH
CVSS:7.5(High)

A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash. Th...

CWE-7872006

CVE-2015-8619

HIGH
CVSS:7.5(High)

The Human Monitor Interface support in QEMU allows remote attackers to cause a denial of service (out-of-bounds write and application crash).

CWE-7872015

CVE-2015-9542

HIGH
CVSS:7.5(High)

add_password in pam_radius_auth.c in pam_radius 1.4.0 does not correctly check the length of the input password, and is vulnerable to a stack-based buffer overflow during memcpy(). An attacker could s...

CWE-7872015

CVE-2016-0189

HIGH
CVSS:7.5(High)

The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of ...

CWE-7872016

CVE-2016-10196

HIGH
CVSS:7.5(High)

Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (segmentation fault) via vectors involvin...

CWE-7872016