12 matches found
jq: Missing runtime type checks for _strindices lead to crash and limited memory disclosure
...
SUSE CVE-2026-39956
jq is a command-line JSON processor. In commits after 69785bf77f86e2ea1b4a20ca86775916889e91c9, the strindices builtin in jq's src/builtin.c passes its arguments directly to jvstringindexes without verifying they are strings, and jvstringindexes in src/jv.c relies solely on assert checks that are...
CVE-2026-39956
A flaw was found in jq, a command line JSON processor. In release builds, the strindices builtin function calls the jvstringindexes function without checking that the arguments are actually strings. This missing validation allows an attacker who can supply non-string inputs to cause an applicatio...
UBUNTU-CVE-2026-39956
jq is a command-line JSON processor. In commits after 69785bf77f86e2ea1b4a20ca86775916889e91c9, the strindices builtin in jq's src/builtin.c passes its arguments directly to jvstringindexes without verifying they are strings, and jvstringindexes in src/jv.c relies solely on assert checks that are...
CVE-2026-39956
jq is a command-line JSON processor. In commits after 69785bf77f86e2ea1b4a20ca86775916889e91c9, the strindices builtin in jq's src/builtin.c passes its arguments directly to jvstringindexes without verifying they are strings, and jvstringindexes in src/jv.c relies solely on assert checks that are...
EUVD-2026-22126
jq is a command-line JSON processor. In commits after 69785bf77f86e2ea1b4a20ca86775916889e91c9, the strindices builtin in jq's src/builtin.c passes its arguments directly to jvstringindexes without verifying they are strings, and jvstringindexes in src/jv.c relies solely on assert checks that are...
CVE-2026-39956
jq is a command-line JSON processor. In commits after 69785bf77f86e2ea1b4a20ca86775916889e91c9, the strindices builtin in jq's src/builtin.c passes its arguments directly to jvstringindexes without verifying they are strings, and jvstringindexes in src/jv.c relies solely on assert checks that are...
CVE-2026-39956 jq: Missing runtime type checks for _strindices lead to crash and limited memory disclosure
jq is a command-line JSON processor. In commits after 69785bf77f86e2ea1b4a20ca86775916889e91c9, the strindices builtin in jq's src/builtin.c passes its arguments directly to jvstringindexes without verifying they are strings, and jvstringindexes in src/jv.c relies solely on assert checks that are...
CVE-2026-39956
CVE-2026-39956 affects the jq JSON processor. The issue arises from the _strindices builtin in jq's src/builtin.c, which passes arguments directly to jv_string_indexes() without validating they are strings. In src/jv.c, the checks in jv_string_indexes() rely on asserts that are stripped in releas...
CVE-2026-39956 jq: Missing runtime type checks for _strindices lead to crash and limited memory disclosure
jq is a command-line JSON processor. In commits after 69785bf77f86e2ea1b4a20ca86775916889e91c9, the strindices builtin in jq's src/builtin.c passes its arguments directly to jvstringindexes without verifying they are strings, and jvstringindexes in src/jv.c relies solely on assert checks that are...
jq 安全漏洞
jq is a lightweight and flexible command-line JSON processor developed by jqlang. There is a security vulnerability in jq, which stems from the lack of parameter type validation in the strindices built-in function. This vulnerability may lead to crashes or uncontrolled pointer dereferencing...
PT-2026-32542
Name of the Vulnerable Software and Affected Versions jq affected versions not specified Description The strindices builtin in src/builtin.c passes arguments to jv string indexes in src/jv.c without verifying they are strings. Because jv string indexes relies on assert checks that are removed in...