Skip to content

[oss-fuzz] Issue 64771: jq:jq_fuzz_execute: Stack-buffer-overflow in decNaNs

High
emanuele6 published GHSA-7hmr-442f-qc8j Dec 13, 2023

Package

No package listed

Affected versions

1.7

Patched versions

1.7.1

Description

Impact

Stack-buffer-overflow; jq 1.7 builds using decNumber.
Reproduce with

jq '1 != .' <<<Nan4000

oss-fuzz Recommended Security Severity: High

Patches

Allocate decNumberUnit to perform the comparison without overflow.

Workarounds

Upgrade to 1.7.1

References

  1. https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64771
  2. The same commit also introduces the UBSAN (signed overflow) bugs reported by #2968
    Reproduce with 
    jq -n '1e999999999 > 1e-1147483646'

Severity

High

CVE ID

CVE-2023-50268

Weaknesses

Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). Learn more on MITRE.

Credits