vulnerability
Amazon Linux 2023: CVE-2024-53427: Important priority package update for jq
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:L/AC:M/Au:N/C:P/I:P/A:P) | Feb 26, 2025 | Apr 2, 2025 | Jul 17, 2025 |
Severity
4
CVSS
(AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published
Feb 26, 2025
Added
Apr 2, 2025
Modified
Jul 17, 2025
Description
decNumberCopy in decNumber.c in jq through 1.7.1 does not properly consider that NaN is interpreted as numeric, which has a resultant stack-based buffer overflow and out-of-bounds write, as demonstrated by use of --slurp with subtraction, such as a filter of .-. when the input has a certain form of digit string with NaN (e.g., "1 NaN123" immediately followed by many more digits).
A flaw was discovered in the jq package. In affected versions, specially-crafted input may trigger an unsafe memory operation leading to a stack buffer overflow. This can cause an application crash or other unintended behavior.
A flaw was discovered in the jq package. In affected versions, specially-crafted input may trigger an unsafe memory operation leading to a stack buffer overflow. This can cause an application crash or other unintended behavior.
Solutions
amazon-linux-2023-upgrade-jqamazon-linux-2023-upgrade-jq-debuginfoamazon-linux-2023-upgrade-jq-debugsourceamazon-linux-2023-upgrade-jq-devel
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.