CVE-2023-50268

{"id": "CVE-2023-50268", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.5}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2023-12-13T21:15:09.360", "references": [{"url": "http://www.openwall.com/lists/oss-security/2023/12/15/10", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64771", "tags": ["Issue Tracking", "Mailing List"], "source": "security-advisories@github.com"}, {"url": "https://github.com/jqlang/jq/commit/c9a51565214eece8f1053089739aea73145bfd6b", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/jqlang/jq/pull/2804", "tags": ["Issue Tracking", "Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/jqlang/jq/security/advisories/GHSA-7hmr-442f-qc8j", "tags": ["Exploit", "Vendor Advisory"], "source": "security-advisories@github.com"}, {"url": "http://www.openwall.com/lists/oss-security/2023/12/15/10", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64771", "tags": ["Issue Tracking", "Mailing List"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/jqlang/jq/commit/c9a51565214eece8f1053089739aea73145bfd6b", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/jqlang/jq/pull/2804", "tags": ["Issue Tracking", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/jqlang/jq/security/advisories/GHSA-7hmr-442f-qc8j", "tags": ["Exploit", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-120"}, {"lang": "en", "value": "CWE-121"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "jq is a command-line JSON processor. Version 1.7 is vulnerable to stack-based buffer overflow in builds using decNumber. Version 1.7.1 contains a patch for this issue."}, {"lang": "es", "value": "jq es un procesador JSON de l\u00ednea de comandos. La versi\u00f3n 1.7 es vulnerable al desbordamiento del b\u00fafer basado en pila en compilaciones que utilizan decNumber. La versi\u00f3n 1.7.1 contiene un parche para este problema."}], "lastModified": "2024-11-21T08:36:47.253", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:jqlang:jq:1.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AB4D6ED1-816E-4FB7-B9EE-188B66543156"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}