Jq Security Vulnerabilities and Issues — Jq CVE List

Lucene search

JqlangJq

4 matches found

CVE•added 2025/05/21 3:16 p.m.•76 views

CVE-2024-23337

jq is a command-line JSON processor. In versions up to and including 1.7.1, an integer overflow arises when assigning value using an index of 2147483647, the signed integer limit. This causes a denial of service. Commit de21386681c0df0104a99d9d09db23a9b2a78b1e contains a patch for the issue.

6.5CVSS4.8AI score0.00055EPSS

CVE•added 2023/12/13 9:15 p.m.•47 views

CVE-2023-50246

jq is a command-line JSON processor. Version 1.7 is vulnerable to heap-based buffer overflow. Version 1.7.1 contains a patch for this issue.

6.2CVSS6AI score0.00162EPSS

CVE•added 2023/12/13 9:15 p.m.•32 views

CVE-2023-50268

jq is a command-line JSON processor. Version 1.7 is vulnerable to stack-based buffer overflow in builds using decNumber. Version 1.7.1 contains a patch for this issue.

6.2CVSS6AI score0.00134EPSS

CVE•added 2025/06/19 3:15 p.m.•8 views

CVE-2025-49014

jq is a command-line JSON processor. In version 1.8.0 a heap use after free vulnerability exists within the function f_strflocaltime of /src/builtin.c. This issue has been patched in commit 499c91b, no known fix version exists at time of publication.

6.9CVSS6.7AI score0.0006EPSS