EUVD-2025-16055

Malicious code in bioql PyPI...

CBL Mariner 2.0 Security Update: jq (CVE-2025-48060)

"The version of jq installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-48060 advisory. - jq is a command-line JSON processor. In versions up to and including 1.7.1, a heap-buffer-overflow is present i...

CBL Mariner 2.0 Security Update: jq (CVE-2024-23337)

The version of jq installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-23337 advisory. - jq is a command-line JSON processor. In versions up to and including 1.7.1, an integer overflow arises when...

Moderate: jq security update

jq is a lightweight and flexible command-line JSON processor. jq is like sed for JSON data. You can use it to slice, filter, map, or transform structured data with the same ease that sed, awk, grep, or similar applications allow you to manipulate text. Security Fixes: jq: jq has signed integer...

ALSA-2025:10585 Moderate: jq security update

jq is a lightweight and flexible command-line JSON processor. jq is like sed for JSON data. You can use it to slice, filter, map, or transform structured data with the same ease that sed, awk, grep, or similar applications allow you to manipulate text. Security Fixes: jq: jq has signed integer...

CVE-2025-48060 AddressSanitizer: stack-buffer-overflow in jq_fuzz_execute (jv_string_vfmt)

jq is a command-line JSON processor. In versions up to and including 1.7.1, a heap-buffer-overflow is present in function jvstringvfmt in the jqfuzzexecute harness from oss-fuzz. This crash happens on file jv.c, line 1456 void p = mallocsz;. As of time of publication, no patched versions are...

CVE-2024-23337 jq has signed integer overflow in jv.c:jvp_array_write

jq is a command-line JSON processor. In versions up to and including 1.7.1, an integer overflow arises when assigning value using an index of 2147483647, the signed integer limit. This causes a denial of service. Commit de21386681c0df0104a99d9d09db23a9b2a78b1e contains a patch for the issue...

CVE-2024-23337 jq has signed integer overflow in jv.c:jvp_array_write

jq is a command-line JSON processor. In versions up to and including 1.7.1, an integer overflow arises when assigning value using an index of 2147483647, the signed integer limit. This causes a denial of service. Commit de21386681c0df0104a99d9d09db23a9b2a78b1e contains a patch for the issue...

CVE-2024-23337 jq has signed integer overflow in jv.c:jvp_array_write

jq is a command-line JSON processor. In versions up to and including 1.7.1, an integer overflow arises when assigning value using an index of 2147483647, the signed integer limit. This causes a denial of service. Commit de21386681c0df0104a99d9d09db23a9b2a78b1e contains a patch for the issue...

CVE-2024-23337

CVE-2024-23337 : The issue affects the jq JSON processor, with vulnerable behavior in versions up to 1.7.1 due to an integer overflow when assigning a value using the index 2147483647 (the signed integer limit). The root cause is described in the commit de21386681c0df0104a99d9d09db23a9b2a78b1e, w...