Lucene search
K

14 matches found

RedhatCVE
RedhatCVE
added 2026/06/25 11:43 p.m.4 views

CVE-2026-54679

A flaw was found in jq, a command-line JSON processor. On 32-bit systems, a local attacker could exploit an integer overflow vulnerability in the jvpstringappend function. This could lead to a massive buffer overrun, resulting in a denial of service DoS condition. Mitigation Mitigation for this...

6.9CVSS5.8AI score0.00103EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/05/19 4:26 p.m.9 views

jq: out-of-bounds read in jv_parse_sized() on error formatting for non-NUL-terminated buffers

A flaw was found in jq, a command line JSON processor, specifically in the libjq API. Parsing a malformed JSON input from a non-NUL-terminated buffer using the jvparsesized function can cause an out-of-bounds read, resulting in an application crash and a possible memory disclosure within the erro...

8.2CVSS5.8AI score0.00559EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2026/05/18 12:16 p.m.10 views

jq: out-of-bounds read in jv_parse_sized() on error formatting for non-NUL-terminated buffers

A flaw was found in jq, a command line JSON processor, specifically in the libjq API. Parsing a malformed JSON input from a non-NUL-terminated buffer using the jvparsesized function can cause an out-of-bounds read, resulting in an application crash and a possible memory disclosure within the erro...

8.2CVSS5.8AI score0.00559EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2026/05/18 12:6 p.m.8 views

jq: out-of-bounds read in jv_parse_sized() on error formatting for non-NUL-terminated buffers

A flaw was found in jq, a command line JSON processor, specifically in the libjq API. Parsing a malformed JSON input from a non-NUL-terminated buffer using the jvparsesized function can cause an out-of-bounds read, resulting in an application crash and a possible memory disclosure within the erro...

8.2CVSS5.8AI score0.00559EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2026/05/18 11:52 a.m.12 views

jq: out-of-bounds read in jv_parse_sized() on error formatting for non-NUL-terminated buffers

A flaw was found in jq, a command line JSON processor, specifically in the libjq API. Parsing a malformed JSON input from a non-NUL-terminated buffer using the jvparsesized function can cause an out-of-bounds read, resulting in an application crash and a possible memory disclosure within the erro...

8.2CVSS5.8AI score0.00559EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2026/05/13 7:23 p.m.11 views

CVE-2026-41257

A flaw was found in jq, a command line JSON processor. The memory allocation size is calculated using a signed integer that can overflow when processing deeply nested generator forks. This integer overflow allows an attacker who can supply a sufficiently nested input to influence the memory...

7.3CVSS5.8AI score0.00142EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/05/12 10:9 a.m.10 views

CVE-2026-43894

A flaw was found in jq, a tool used for processing JSON data from the command line. A remote attacker can exploit a vulnerability by providing a specially crafted large number as input. This can cause an internal calculation error, leading to a memory overflow where the attacker can write their o...

6.2CVSS5.8AI score0.00158EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/04/14 6:19 p.m.4 views

CVE-2026-39956

A flaw was found in jq, a command line JSON processor. In release builds, the strindices builtin function calls the jvstringindexes function without checking that the arguments are actually strings. This missing validation allows an attacker who can supply non-string inputs to cause an applicatio...

6.1CVSS5.7AI score0.00174EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2025-49014

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - jq is a command-line JSON processor. In version 1.8.0 a heap use after free vulnerability exists within the function fstrflocaltime of /src/builtin.c. This issu...

6.9CVSS6.5AI score0.00321EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2025/07/08 12:44 p.m.23 views

jq: AddressSanitizer: stack-buffer-overflow in jq_fuzz_execute (jv_string_vfmt)

A flaw was found in jq, a command line JSON processor. A specially crafted input can cause a heap-based buffer over-read when formatting an empty string because it was not properly null-terminated, causing a crash and resulting in a denial of service...

8.7CVSS7.3AI score0.00443EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2025/07/08 12:34 p.m.10 views

jq: jq has signed integer overflow in jv.c:jvp_array_write

A flaw was found in jq, a command line JSON processor. An integer overflow can occur when attempting to assign a value using an array index of 2147483647 or when creating an array with 2147483647 elements, the maximum value for a 32-bit signed integer. This issue causes out-of-bounds memory acces...

6.5CVSS7.2AI score0.00351EPSS
Exploits1References7
RedHat Linux
RedHat Linux
added 2025/07/08 12:32 p.m.7 views

jq: AddressSanitizer: stack-buffer-overflow in jq_fuzz_execute (jv_string_vfmt)

A flaw was found in jq, a command line JSON processor. A specially crafted input can cause a heap-based buffer over-read when formatting an empty string because it was not properly null-terminated, causing a crash and resulting in a denial of service...

8.7CVSS7.3AI score0.00443EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2025/07/08 12:30 p.m.5 views

jq: jq has signed integer overflow in jv.c:jvp_array_write

A flaw was found in jq, a command line JSON processor. An integer overflow can occur when attempting to assign a value using an array index of 2147483647 or when creating an array with 2147483647 elements, the maximum value for a 32-bit signed integer. This issue causes out-of-bounds memory acces...

6.5CVSS7.2AI score0.00351EPSS
Exploits1References7
RedHat Linux
RedHat Linux
added 2025/07/08 11:18 a.m.5 views

jq: jq has signed integer overflow in jv.c:jvp_array_write

A flaw was found in jq, a command line JSON processor. An integer overflow can occur when attempting to assign a value using an array index of 2147483647 or when creating an array with 2147483647 elements, the maximum value for a 32-bit signed integer. This issue causes out-of-bounds memory acces...

6.5CVSS7.2AI score0.00351EPSS
Exploits1References7
Rows per page
Query Builder