CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Name of the Vulnerable Software and Affected Versions jq versions up to and including 1.7.1 Description The issue is a heap-buffer-overflow present in the function jv string vfmt in the jq fuzz execute harness from oss-fuzz. This crash occurs in the file jv.c. No information is provided about the...

8.7CVSS6.6AI score0.00588EPSS

Exploits3References46

Positive Technologies•added 2025/05/21 12:0 a.m.•2 views

PT-2025-22366

Name of the Vulnerable Software and Affected Versions jq versions up to and including 1.7.1 Description The issue arises from an integer overflow when assigning a value using an index of 2147483647, which is the signed integer limit. This causes a denial of service. Recommendations For versions u...

8.7CVSS5.8AI score0.00588EPSS

Exploits3References62

OSV•added 2025/02/26 4:15 p.m.•8 views

CVE-2024-53427

decNumberCopy in decNumber.c in jq through 1.7.1 does not properly consider that NaN is interpreted as numeric, which has a resultant stack-based buffer overflow and out-of-bounds write, as demonstrated by use of --slurp with subtraction, such as a filter of .-. when the input has a certain form ...

8.1CVSS8.2AI score

Exploits0References5

Positive Technologies•added 2025/02/26 12:0 a.m.•3 views

PT-2025-8729

Name of the Vulnerable Software and Affected Versions jq version 1.7.1 Description The issue is related to a stack-buffer-overflow in the decNumberCopy function within decNumber.c. Recommendations For jq version 1.7.1, at the moment, there is no information about a newer version that contains a f...

8.7CVSS5.6AI score0.00588EPSS

Exploits3References40

OSV•added 2024/09/13 12:28 p.m.•9 views

RHSA-2016:1106 Red Hat Security Advisory: jq security update

Bulletin has no description...

10CVSS9.3AI score0.10165EPSS

Exploits0References8

OSV•added 2024/09/13 12:27 p.m.•10 views

RHSA-2016:1098 Red Hat Security Advisory: jq security update

Bulletin has no description...

10CVSS9.3AI score0.10165EPSS

Exploits0References8

OSV•added 2017/11/08 7:50 a.m.•4 views

SUSE-SU-2017:2950-1 Security update for jq

This update for jq fixes the following issues: Security issues fixed: - CVE-2016-4074: The jvdumpterm function in jq allowed remote attackers to cause a denial of service stack consumption and application crash via a crafted JSON file. bsc1014176 Non-security issues fixed: - Update tests...

7.8CVSS7.5AI score0.00995EPSS

Exploits1References4

OSV•added 2016/05/06 5:59 p.m.•3 views

CVE-2016-4074

The jvdumpterm function in jq 1.5 allows remote attackers to cause a denial of service stack consumption and application crash via a crafted JSON file. This issue has been fixed in jq 1.6rc1-r0...

7.5CVSS7.5AI score

Exploits0References6

OSV•added 2016/05/06 5:59 p.m.•3 views

CVE-2015-8863

Off-by-one error in the tokenadd function in jvparse.c in jq allows remote attackers to cause a denial of service crash via a long JSON-encoded number, which triggers a heap-based buffer overflow...

9.8CVSS9.1AI score

Exploits0References11

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by