4 matches found
Photon OS 5.0: Jq PHSA-2026-5.0-0885
An update of the jq package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0885. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid321792...
CVE-2026-40612
jq is a command-line JSON processor. In 1.8.1 and earlier, jvcontains recurses into nested arrays/objects with no depth limit. With a sufficiently nested input structure built programmatically with reduce, since the JSON parser caps at depth 10000, the C stack is exhausted...
CVE-2026-40612
jq is a command-line JSON processor. In 1.8.1 and earlier, jvcontains recurses into nested arrays/objects with no depth limit. With a sufficiently nested input structure built programmatically with reduce, since the JSON parser caps at depth 10000, the C stack is exhausted...
CVE-2026-40612
CVE-2026-40612 affects jq (1.8.1 and earlier). The root cause is an unbounded recursion in the function jv_contains that recurses into nested arrays/objects with no depth limit, eventually exhausting the C stack when presented with a deeply nested input (constructed programmatically with reduce, ...