17 matches found
CVE-2026-32316
jq is a command-line JSON processor. An integer overflow vulnerability exists through version 1.8.1 within the jvpstringappend and jvpstringcopyreplacebad functions, where concatenating strings with a combined length exceeding 2^31 bytes causes a 32-bit unsigned integer overflow in the buffer...
EUVD-2025-16055
Malicious code in bioql PyPI...
CBL Mariner 2.0 Security Update: jq (CVE-2025-48060)
"The version of jq installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-48060 advisory. - jq is a command-line JSON processor. In versions up to and including 1.7.1, a heap-buffer-overflow is present i...
CBL Mariner 2.0 Security Update: jq (CVE-2024-23337)
The version of jq installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-23337 advisory. - jq is a command-line JSON processor. In versions up to and including 1.7.1, an integer overflow arises when...
Moderate: jq security update
jq is a lightweight and flexible command-line JSON processor. jq is like sed for JSON data. You can use it to slice, filter, map, or transform structured data with the same ease that sed, awk, grep, or similar applications allow you to manipulate text. Security Fixes: jq: jq has signed integer...
ALSA-2025:10585 Moderate: jq security update
jq is a lightweight and flexible command-line JSON processor. jq is like sed for JSON data. You can use it to slice, filter, map, or transform structured data with the same ease that sed, awk, grep, or similar applications allow you to manipulate text. Security Fixes: jq: jq has signed integer...
CVE-2025-49014
jq is a command-line JSON processor. In version 1.8.0 a heap use after free vulnerability exists within the function fstrflocaltime of /src/builtin.c. This issue has been patched in commit 499c91b, no known fix version exists at time of publication...
CVE-2025-49014 jq heap use after free vulnerability in f_strflocaltime
jq is a command-line JSON processor. In version 1.8.0 a heap use after free vulnerability exists within the function fstrflocaltime of /src/builtin.c. This issue has been patched in commit 499c91b, no known fix version exists at time of publication...
CVE-2025-48060
CVE-2025-48060 affects jq up to version 1.7.1, where a heap-buffer-overflow in the jv_string_vfmt path can crash the process when formatting strings (OSS-Fuzz harness). The issue is triggered in jq_fuzz_execute and references malloc in jv.c. As of publication, no patch existed in the initial desc...
CVE-2025-48060 AddressSanitizer: stack-buffer-overflow in jq_fuzz_execute (jv_string_vfmt)
jq is a command-line JSON processor. In versions up to and including 1.7.1, a heap-buffer-overflow is present in function jvstringvfmt in the jqfuzzexecute harness from oss-fuzz. This crash happens on file jv.c, line 1456 void p = mallocsz;. As of time of publication, no patched versions are...
CVE-2025-48060 AddressSanitizer: stack-buffer-overflow in jq_fuzz_execute (jv_string_vfmt)
jq is a command-line JSON processor. In versions up to and including 1.7.1, a heap-buffer-overflow is present in function jvstringvfmt in the jqfuzzexecute harness from oss-fuzz. This crash happens on file jv.c, line 1456 void p = mallocsz;. As of time of publication, no patched versions are...
CVE-2024-23337 jq has signed integer overflow in jv.c:jvp_array_write
jq is a command-line JSON processor. In versions up to and including 1.7.1, an integer overflow arises when assigning value using an index of 2147483647, the signed integer limit. This causes a denial of service. Commit de21386681c0df0104a99d9d09db23a9b2a78b1e contains a patch for the issue...
CVE-2024-23337 jq has signed integer overflow in jv.c:jvp_array_write
jq is a command-line JSON processor. In versions up to and including 1.7.1, an integer overflow arises when assigning value using an index of 2147483647, the signed integer limit. This causes a denial of service. Commit de21386681c0df0104a99d9d09db23a9b2a78b1e contains a patch for the issue...
CVE-2024-23337
jq is a command-line JSON processor. In versions up to and including 1.7.1, an integer overflow arises when assigning value using an index of 2147483647, the signed integer limit. This causes a denial of service. Commit de21386681c0df0104a99d9d09db23a9b2a78b1e contains a patch for the issue...
CVE-2024-23337 jq has signed integer overflow in jv.c:jvp_array_write
jq is a command-line JSON processor. In versions up to and including 1.7.1, an integer overflow arises when assigning value using an index of 2147483647, the signed integer limit. This causes a denial of service. Commit de21386681c0df0104a99d9d09db23a9b2a78b1e contains a patch for the issue...
CVE-2024-23337
jq is a command-line JSON processor. In versions up to and including 1.7.1, an integer overflow arises when assigning value using an index of 2147483647, the signed integer limit. This causes a denial of service. Commit de21386681c0df0104a99d9d09db23a9b2a78b1e contains a patch for the issue...
CVE-2024-23337
CVE-2024-23337 : The issue affects the jq JSON processor, with vulnerable behavior in versions up to 1.7.1 due to an integer overflow when assigning a value using the index 2147483647 (the signed integer limit). The root cause is described in the commit de21386681c0df0104a99d9d09db23a9b2a78b1e, w...