Lucene search
K

4 matches found

OSV
OSV
added 2026/04/28 4:18 a.m.7 views

USN-8202-2 jq vulnerabilities

USN-8202-1 fixed vulnerabilities in jq. This update provides the corresponding update to Ubuntu 26.04 LTS. Original advisory details: It was discovered that jq did not correctly handle certain string concatenations. An attacker could possibly use this issue to cause a denial of service or execute...

8.2CVSS5.9AI score0.00559EPSS
Exploits5References7
Ubuntu
Ubuntu
added 2026/04/23 7:35 a.m.10 views

USN-8202-1: jq vulnerabilities

It was discovered that jq did not correctly handle certain string concatenations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue was addressed in Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS...

8.2CVSS5.9AI score0.00559EPSS
Exploits5
NVD
NVD
added 2026/04/14 12:16 a.m.4 views

CVE-2026-40164

jq is a command-line JSON processor. Before commit 0c7d133c3c7e37c00b6d46b658a02244fdd3c784, jq used MurmurHash3 with a hardcoded, publicly visible seed 0x432A9843 for all JSON object hash table operations, which allowed an attacker to precompute key collisions offline. By supplying a crafted JSO...

7.5CVSS0.00366EPSS
Exploits0References31
CVE
CVE
added 2026/04/13 11:40 p.m.86 views

CVE-2026-40164

CVE-2026-40164 affects jq, a command-line JSON processor, due to a hashing vulnerability introduced by using MurmurHash3 with a hardcoded seed (0x432A9843) for all object hash table operations prior to commit 0c7d133c3c7e37c00b6d46b658a02244fdd3c784. An attacker can craft a ~100 KB JSON object wh...

7.5CVSS5.8AI score0.00366EPSS
Exploits0References31
Rows per page
Query Builder