NixOS is a Linux distribution built on top of the Nix package manager. It is completely declarative, its system configurations are reproducible, makes configuration changes reliable and atomic, and eliminates configuration drift.

NixOS

Homebrew is a free and open-source software package management system that simplifies the installation of software on Apple's macOS operating system and Linux. The name is intended to suggest the idea of building software on the Mac depending on the user's taste. Originally written by Max Howell, the package manager has gained popularity in the Ruby on Rails community and earned praise for its extensibility.

Homebrew

jq is a lightweight command-line JSON processor. It's designed to filter, transform, and manipulate JSON data with ease. jq is particularly useful for parsing and extracting information from complex JSON structures in shell scripts and data processing pipelines.

Debian GNU/Linux is a Linux distribution composed of free and open-source software.

Linux Debian

decToString in decNumber/decNumber.c in jq 88f01a7 has a one-byte out-of-bounds write via the " []-1.2e-1111111111" input. NOTE: this is not the same as CVE-2023-50246. The CVE-2023-50246 71c2ab5 reference mentions -10E-1000010001, which is not in normalized scientific notation.

CVE-2023-49355:
NixOS vulnerability analysis and mitigation

Overview

Technical details

Impact

Mitigation and workarounds

Additional resources

7.5

Benchmark your Cloud Security Posture

Additional Wiz resources

Cloud Vulnerability DB

Cloud threat landscape

PEACH

Ready to see Wiz in action?

CVE-2023-49355: NixOS vulnerability analysis and mitigation