cve/CVE-2023-49355.md at main

admin/cve

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-05 18:27:17 +00:00

0xMarcio 992ed5df2f Update CVE sources 2024-08-22 18:33

2024-08-22 18:33:16 +00:00

840 B

Raw Permalink Blame History

CVE-2023-49355

Description

decToString in decNumber/decNumber.c in jq 88f01a7 has a one-byte out-of-bounds write via the " []-1.2e-1111111111" input. NOTE: this is not the same as CVE-2023-50246. The CVE-2023-50246 71c2ab5 reference mentions -10E-1000010001, which is not in normalized scientific notation.

POC

Reference

https://github.com/linzc21/bug-reports/blob/main/reports/jq/1.7-37-g88f01a7/heap-buffer-overflow/CVE-2023-49355.md

Github

https://github.com/DiRaltvein/memory-corruption-examples

840 B Raw Permalink Blame History

CVE-2023-49355

Description

POC

Reference

Github

840 B

Raw Permalink Blame History