Lucene search
+L

15 matches found

Microsoft CVE
Microsoft CVE
added 2026/04/17 8:2 a.m.6 views

jq: Missing runtime type checks for _strindices lead to crash and limited memory disclosure

...

6.1CVSS5.7AI score0.00174EPSS
Exploits1
BDU FSTEC
BDU FSTEC
added 2026/04/16 12:0 a.m.4 views

The vulnerability of the _strindices() function in the JQ programming language allows a attacker to trigger a service failure.

The vulnerability of the strindices function in the JQ programming language is related to the execution of an operation outside the buffer in memory. Exploiting this vulnerability could allow an attacker to cause a service failure...

6.1CVSS6.1AI score0.00174EPSS
Exploits1References5Affected Software1
SUSE CVE
SUSE CVE
added 2026/04/14 11:25 p.m.7 views

SUSE CVE-2026-39956

jq is a command-line JSON processor. In commits after 69785bf77f86e2ea1b4a20ca86775916889e91c9, the strindices builtin in jq's src/builtin.c passes its arguments directly to jvstringindexes without verifying they are strings, and jvstringindexes in src/jv.c relies solely on assert checks that are...

5.5CVSS5.7AI score0.00174EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2026/04/14 6:19 p.m.4 views

CVE-2026-39956

A flaw was found in jq, a command line JSON processor. In release builds, the strindices builtin function calls the jvstringindexes function without checking that the arguments are actually strings. This missing validation allows an attacker who can supply non-string inputs to cause an applicatio...

6.1CVSS5.7AI score0.00174EPSS
Exploits1References5
UbuntuCve
UbuntuCve
added 2026/04/13 11:16 p.m.6 views

CVE-2026-39956

jq is a command-line JSON processor. In commits after 69785bf77f86e2ea1b4a20ca86775916889e91c9, the strindices builtin in jq's src/builtin.c passes its arguments directly to jvstringindexes without verifying they are strings, and jvstringindexes in src/jv.c relies solely on assert checks that are...

6.1CVSS5.8AI score0.00174EPSS
Exploits1References5
OSV
OSV
added 2026/04/13 11:16 p.m.6 views

UBUNTU-CVE-2026-39956

jq is a command-line JSON processor. In commits after 69785bf77f86e2ea1b4a20ca86775916889e91c9, the strindices builtin in jq's src/builtin.c passes its arguments directly to jvstringindexes without verifying they are strings, and jvstringindexes in src/jv.c relies solely on assert checks that are...

6.1CVSS5.7AI score0.00174EPSS
Exploits1References6
Cvelist
Cvelist
added 2026/04/13 10:10 p.m.26 views

CVE-2026-39956 jq: Missing runtime type checks for _strindices lead to crash and limited memory disclosure

jq is a command-line JSON processor. In commits after 69785bf77f86e2ea1b4a20ca86775916889e91c9, the strindices builtin in jq's src/builtin.c passes its arguments directly to jvstringindexes without verifying they are strings, and jvstringindexes in src/jv.c relies solely on assert checks that are...

6.1CVSS0.00174EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/04/13 10:10 p.m.3 views

CVE-2026-39956 jq: Missing runtime type checks for _strindices lead to crash and limited memory disclosure

jq is a command-line JSON processor. In commits after 69785bf77f86e2ea1b4a20ca86775916889e91c9, the strindices builtin in jq's src/builtin.c passes its arguments directly to jvstringindexes without verifying they are strings, and jvstringindexes in src/jv.c relies solely on assert checks that are...

6.1CVSS5.8AI score0.00174EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2026/04/13 10:10 p.m.5 views

CVE-2026-39956

jq is a command-line JSON processor. In commits after 69785bf77f86e2ea1b4a20ca86775916889e91c9, the strindices builtin in jq's src/builtin.c passes its arguments directly to jvstringindexes without verifying they are strings, and jvstringindexes in src/jv.c relies solely on assert checks that are...

6.1CVSS5.2AI score0.00174EPSS
Exploits1
EUVD
EUVD
added 2026/04/13 10:10 p.m.3 views

EUVD-2026-22126

jq is a command-line JSON processor. In commits after 69785bf77f86e2ea1b4a20ca86775916889e91c9, the strindices builtin in jq's src/builtin.c passes its arguments directly to jvstringindexes without verifying they are strings, and jvstringindexes in src/jv.c relies solely on assert checks that are...

6.1CVSS5.8AI score0.00174EPSS
Exploits1References2
CVE
CVE
added 2026/04/13 10:10 p.m.28 views

CVE-2026-39956

CVE-2026-39956 affects the jq JSON processor. The issue arises from the _strindices builtin in jq's src/builtin.c, which passes arguments directly to jv_string_indexes() without validating they are strings. In src/jv.c, the checks in jv_string_indexes() rely on asserts that are stripped in releas...

6.1CVSS5.8AI score0.00174EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/04/13 10:10 p.m.2 views

CVE-2026-39956 jq: Missing runtime type checks for _strindices lead to crash and limited memory disclosure

jq is a command-line JSON processor. In commits after 69785bf77f86e2ea1b4a20ca86775916889e91c9, the strindices builtin in jq's src/builtin.c passes its arguments directly to jvstringindexes without verifying they are strings, and jvstringindexes in src/jv.c relies solely on assert checks that are...

6.1CVSS6.3AI score0.00174EPSS
Exploits1References4
AlpineLinux
AlpineLinux
added 2026/04/13 10:10 p.m.3 views

CVE-2026-39956

jq is a command-line JSON processor. In commits after 69785bf77f86e2ea1b4a20ca86775916889e91c9, the strindices builtin in jq's src/builtin.c passes its arguments directly to jvstringindexes without verifying they are strings, and jvstringindexes in src/jv.c relies solely on assert checks that are...

6.1CVSS5.7AI score0.00174EPSS
Exploits1
CNNVD
CNNVD
added 2026/04/13 12:0 a.m.6 views

jq 安全漏洞

jq is a lightweight and flexible command-line JSON processor developed by jqlang. There is a security vulnerability in jq, which stems from the lack of parameter type validation in the strindices built-in function. This vulnerability may lead to crashes or uncontrolled pointer dereferencing...

6.1CVSS5.8AI score0.00174EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.6 views

PT-2026-32542

Name of the Vulnerable Software and Affected Versions jq affected versions not specified Description The strindices builtin in src/builtin.c passes arguments to jv string indexes in src/jv.c without verifying they are strings. Because jv string indexes relies on assert checks that are removed in...

8.2CVSS5.2AI score0.00559EPSS
Exploits3References63
Rows per page
Query Builder