diff --git a/NEWS.md b/NEWS.md
index 913be89879..14a594ba70 100644
--- a/NEWS.md
+++ b/NEWS.md
@@ -2,7 +2,7 @@
 
 ## Security
 
-- CVE-2023-50246: ....
+- CVE-2023-50246: Fix heap buffer overflow in jvp\_literal\_number\_literal
 - CVE-2023-50268: fix stack-buffer-overflow if comparing nan with payload
 
 ## CLI changes
diff --git a/src/jv.c b/src/jv.c
index 6ca1e1d0fd..e23d8ec124 100644
--- a/src/jv.c
+++ b/src/jv.c
@@ -635,7 +635,7 @@ static const char* jvp_literal_number_literal(jv n) {
   }
 
   if (plit->literal_data == NULL) {
-    int len = jvp_dec_number_ptr(n)->digits + 14;
+    int len = jvp_dec_number_ptr(n)->digits + 15 /* 14 + NUL */;
     plit->literal_data = jv_mem_alloc(len);
 
     // Preserve the actual precision as we have parsed it
diff --git a/tests/shtest b/tests/shtest
index a426c79f3b..14aafbf933 100755
--- a/tests/shtest
+++ b/tests/shtest
@@ -609,4 +609,9 @@ if ! r=$($JQ --args -rn 1 -- '$ARGS.positional[0]' bar) || [ "$r" != 1 ]; then
     exit 1
 fi
 
+# CVE-2023-50246: No heap overflow for '-10E-1000000001'
+$VALGRIND $Q $JQ . <<\NUM
+-10E-1000000001
+NUM
+
 exit 0