{"id":"CVE-2024-53427","details":"decNumberCopy in decNumber.c in jq through 1.7.1 does not properly consider that NaN is interpreted as numeric, which has a resultant stack-based buffer overflow and out-of-bounds write, as demonstrated by use of --slurp with subtraction, such as a filter of .-. when the input has a certain form of digit string with NaN (e.g., \"1 NaN123\" immediately followed by many more digits).","aliases":["GHSA-x6c3-qv5r-7q22"],"modified":"2026-03-15T22:48:50.054110Z","published":"2025-02-26T16:15:16.237Z","related":["CGA-r7c7-2h3m-qfmp"],"references":[{"type":"WEB","url":"https://github.com/jqlang/jq/blob/71c2ab509a8628dbbad4bc7b3f98a64aa90d3297/src/decNumber/decNumber.c#L3375"},{"type":"ADVISORY","url":"https://gist.github.com/Ekkosun/a83870ce7f3b7813b9b462a395e8ad92"},{"type":"ADVISORY","url":"https://github.com/jqlang/jq/security/advisories/GHSA-x6c3-qv5r-7q22"},{"type":"REPORT","url":"https://github.com/jqlang/jq/issues/3196"},{"type":"REPORT","url":"https://github.com/jqlang/jq/issues/3296"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jqlang/jq","events":[{"introduced":"0"},{"last_affected":"71c2ab509a8628dbbad4bc7b3f98a64aa90d3297"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.7.1"}]}}],"versions":["1.6rc2","jq-1.0","jq-1.1","jq-1.2","jq-1.3","jq-1.4","jq-1.5rc1","jq-1.5rc2","jq-1.6","jq-1.6rc1","jq-1.7","jq-1.7.1","jq-1.7rc1","jq-1.7rc2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-53427.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"}]}