CVE-2024-53427

HIGH Year: 2024
CVSS v3 Score
8.1
High
Weakness Type
CWE-843
View all →

Vulnerability Description

decNumberCopy in decNumber.c in jq through 1.7.1 does not properly consider that NaN is interpreted as numeric, which has a resultant stack-based buffer overflow and out-of-bounds write, as demonstrated by use of --slurp with subtraction, such as a filter of .-. when the input has a certain form of digit string with NaN (e.g., "1 NaN123" immediately followed by many more digits).

Related Vulnerabilities

CVE-2017-0037

HIGH
CVSS:8.1(High)

Microsoft Internet Explorer 10 and 11 and Microsoft Edge have a type confusion issue in the Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement function in mshtml.dll, which allows...

CWE-8432017

CVE-2020-36460

HIGH
CVSS:8.1(High)

An issue was discovered in the model crate through 2020-11-10 for Rust. The Shared data structure has an implementation of the Send and Sync traits without regard for the inner type.

CWE-8432020

CVE-2023-35297

HIGH
CVSS:8.1(High)

Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability

CWE-8432023

CVE-2023-4068

HIGH
CVSS:8.1(High)

Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)

CWE-8432023

CVE-2023-4070

HIGH
CVSS:8.1(High)

Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)

CWE-8432023

CVE-2024-21357

HIGH
CVSS:8.1(High)

Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability

CWE-8432024