8 matches found
USN-8202-3: jq regression
USN-8202-1 fixed vulnerabilities in jq. The update caused a regression for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that jq did not correctly handle certain string concatenations. An...
Photon OS 5.0: Jq PHSA-2026-5.0-0827
An update of the jq package has been released. #%NASL_MIN_LEVEL 80900 (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0827. The text itself is copyright (C) VMware, Inc. include('compat.inc'); if (description) script_id(307869)...
Azure Linux 3.0 Security Update: CBL-Mariner Releases (CVE-2026-33947)
The version of CBL-Mariner Releases installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2026-33947 advisory. - jq is a command-line JSON processor. In versions 1.8.1 and below, functions jv_setpath,...
CVE-2026-33947
A flaw was found in jq, a command-line JSON processor. Processing a crafted JSON document, specifically when a large array is used as a path argument to the jv_setpath, jv_getpath and delpaths_sorted functions, can lead to uncontrolled recursion and exhaust the call stack, causing an application...
CVE-2026-33947
creationtimestamp | type | source
---|---|---
2026-04-14 01:12:42+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mjg77wiex52z
2026-06-22 11:20:03+00:00 | seen | https://bsky.app/profile/canartuc.com/post/3mourdgqfqt2u

...
Linux Distros Unpatched Vulnerability : CVE-2026-33947
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - jq is a command-line JSON processor. In versions 1.8.1 and below, functions jv_setpath, jv_getpath, and delpaths_sorted in jq's src/jv_aux.c use unbounded recursion...
CVE-2026-33947
Vulnerability summary (CVE-2026-33947): In jq ≤ 1.8.1, functions jv_setpath(), jv_getpath(), and delpaths_sorted() in src/jv_aux.c perform unbounded recursion whose depth is driven by a caller-supplied path array. A crafted JSON input (flat array ~65,000 integers, ~200 KB) used as a path argumen...
CVE-2026-33947
jq is a command-line JSON processor. In versions 1.8.1 and below, functions jv_setpath, jv_getpath, and delpaths_sorted in jq's src/jv_aux.c use unbounded recursion whose depth is controlled by the length of a caller-supplied path array, with no depth limit enforced. An attacker can supply a JSON...