VYPR
Unrated severityNVD Advisory· Published Dec 11, 2023· Updated Oct 9, 2024

CVE-2023-49355

CVE-2023-49355

Description

decToString in decNumber/decNumber.c in jq 88f01a7 has a one-byte out-of-bounds write via the " []-1.2e-1111111111" input. NOTE: this is not the same as CVE-2023-50246. The CVE-2023-50246 71c2ab5 reference mentions -10E-1000010001, which is not in normalized scientific notation.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • jq/decNumberdescription
  • Jqlang/Jqllm-fuzzy

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.