27313 matches found
CVE-2026-44777 jq: stack overflow in module loading on mutual `include`
jq is a command-line JSON processor. In 1.8.2rc1 and earlier, the ordinary module loader recurses without cycle detection when two otherwise valid modules include each other...
CVE-2026-43894 jq: Wild stack write via signed-integer overflow in decNumber D2U() macro
jq is a command-line JSON processor. In 1.8.1 and earlier, when decNumberFromString is given a number literal of INTMAX-1 2147483646 digits, the D2U macro overflows during signed-int arithmetic. The wrapped negative value bypasses the heap-allocation size check, causes the function to use a 30-by...
CVE-2026-43894
CVE-2026-43894 affects jq up to version 1.8.1 and earlier. The root cause is a signed-int overflow in decNumberFromString’s D2U() macro, causing a wrap to a negative value, bypassing the heap-size check and using a 30-byte stack buffer. This results in writing ~715 million 16-bit units (≈1.4 GiB)...
CVE-2026-40612 jq: Stack overflow via unbounded recursion in jv_contains
jq is a command-line JSON processor. In 1.8.1 and earlier, jvcontains recurses into nested arrays/objects with no depth limit. With a sufficiently nested input structure built programmatically with reduce, since the JSON parser caps at depth 10000, the C stack is exhausted...
CVE-2026-40612
CVE-2026-40612 affects jq (1.8.1 and earlier). The root cause is an unbounded recursion in the function jv_contains that recurses into nested arrays/objects with no depth limit, eventually exhausting the C stack when presented with a deeply nested input (constructed programmatically with reduce, ...
CVE-2026-40612 jq: Stack overflow via unbounded recursion in jv_contains
jq is a command-line JSON processor. In 1.8.1 and earlier, jvcontains recurses into nested arrays/objects with no depth limit. With a sufficiently nested input structure built programmatically with reduce, since the JSON parser caps at depth 10000, the C stack is exhausted...
EUVD-2026-29163
jq is a command-line JSON processor. In 1.8.1 and earlier, the jq bytecode VM's data stack tracks its allocation size in a signed int. When the stack grows beyond ≈1 GiB via deeply nested generator forks, the doubling arithmetic overflows. The wrapped value is passed to realloc and then used for ...
CVE-2026-41257 jq: Signed-int overflow in `stack_reallocate` (jq VM stack)
jq is a command-line JSON processor. In 1.8.1 and earlier, the jq bytecode VM's data stack tracks its allocation size in a signed int. When the stack grows beyond ≈1 GiB via deeply nested generator forks, the doubling arithmetic overflows. The wrapped value is passed to realloc and then used for ...
CVE-2026-41257
jq is a command-line JSON processor. In 1.8.1 and earlier, the jq bytecode VM's data stack tracks its allocation size in a signed int. When the stack grows beyond ≈1 GiB via deeply nested generator forks, the doubling arithmetic overflows. The wrapped value is passed to realloc and then used for ...
SUSE CVE-2026-43380
In the Linux kernel, the following vulnerability has been resolved: hwmon: pmbus/q54sj108a2 fix stack overflow in debugfs read The q54sj108a2debugfsread function suffers from a stack buffer overflow due to incorrect arguments passed to bin2hex. The function currently passes 'data' as the...
EUVD-2026-29014
A flaw has been found in Squirrel up to 3.2. Impacted is the function validateformat in the library sqstdlib/sqstdstring.cpp. Executing a manipulation can lead to stack-based buffer overflow. The attack can only be executed locally. The exploit has been published and may be used. The project was...
CVE-2026-8258
A flaw has been found in Squirrel up to 3.2. Impacted is the function validateformat in the library sqstdlib/sqstdstring.cpp. Executing a manipulation can lead to stack-based buffer overflow. The attack can only be executed locally. The exploit has been published and may be used. The project was...
DEBIAN-CVE-2026-8258
A flaw has been found in Squirrel up to 3.2. Impacted is the function validateformat in the library sqstdlib/sqstdstring.cpp. Executing a manipulation can lead to stack-based buffer overflow. The attack can only be executed locally. The exploit has been published and may be used. The project was...
Stack-based Buffer Overflow
Overview Affected versions of this package are vulnerable to Stack-based Buffer Overflow in the validateformat function. An attacker can execute arbitrary code or cause a denial of service by providing specially crafted input that triggers a stack-based buffer overflow. Remediation A fix was push...
CVE-2026-8258 Squirrel sqstdstring.cpp validate_format stack-based overflow
A flaw has been found in Squirrel up to 3.2. Impacted is the function validateformat in the library sqstdlib/sqstdstring.cpp. Executing a manipulation can lead to stack-based buffer overflow. The attack can only be executed locally. The exploit has been published and may be used. The project was...
CVE-2026-8258
A flaw has been found in Squirrel up to 3.2. Impacted is the function validateformat in the library sqstdlib/sqstdstring.cpp. Executing a manipulation can lead to stack-based buffer overflow. The attack can only be executed locally. The exploit has been published and may be used. The project was...
CVE-2026-8258 Squirrel sqstdstring.cpp validate_format stack-based overflow
A flaw has been found in Squirrel up to 3.2. Impacted is the function validateformat in the library sqstdlib/sqstdstring.cpp. Executing a manipulation can lead to stack-based buffer overflow. The attack can only be executed locally. The exploit has been published and may be used. The project was...
CVE-2026-8258
A flaw has been found in Squirrel up to 3.2. Impacted is the function validateformat in the library sqstdlib/sqstdstring.cpp. Executing a manipulation can lead to stack-based buffer overflow. The attack can only be executed locally. The exploit has been published and may be used. The project was...
jq 输入验证错误漏洞
jq is a lightweight and flexible command-line JSON processor developed by jqlang. Jq versions 1.8.1 and earlier contain a vulnerability related to input validation errors. This vulnerability stems from the use of signed integers for the stack allocation size in the jq bytecode virtual machine. Wh...
PT-2026-39551
A flaw has been found in Squirrel up to 3.2. Impacted is the function validate format in the library sqstdlib/sqstdstring.cpp. Executing a manipulation can lead to stack-based buffer overflow. The attack can only be executed locally. The exploit has been published and may be used. The project was...