Уязвимость CVE-2025-48060

Пакет	Статус	Версия исправления	Релиз	Тип
jq	fixed	1.8.0-1		package
jq	no-dsa		bookworm	package
jq	postponed		bullseye	package

CVE-2025-48060

ubuntu

29 дней назад

jq is a command-line JSON processor. In versions up to and including 1.7.1, a heap-buffer-overflow is present in function `jv_string_vfmt` in the jq_fuzz_execute harness from oss-fuzz. This crash happens on file jv.c, line 1456 `void* p = malloc(sz);`. As of time of publication, no patched versions are available.

CVE-2025-48060

CVSS3: 5.5

redhat

29 дней назад

jq is a command-line JSON processor. In versions up to and including 1.7.1, a heap-buffer-overflow is present in function `jv_string_vfmt` in the jq_fuzz_execute harness from oss-fuzz. This crash happens on file jv.c, line 1456 `void* p = malloc(sz);`. As of time of publication, no patched versions are available.

CVE-2025-48060

nvd

29 дней назад

jq is a command-line JSON processor. In versions up to and including 1.7.1, a heap-buffer-overflow is present in function `jv_string_vfmt` in the jq_fuzz_execute harness from oss-fuzz. This crash happens on file jv.c, line 1456 `void* p = malloc(sz);`. As of time of publication, no patched versions are available.

BDU:2025-06686

CVSS3: 7.5

fstec

29 дней назад

Уязвимость функции jv_string_vfmt функционального языка программирования jq, позволяющая нарушителю вызвать отказ в обслуживании

exploitDog

CVE-2025-48060

Описание

Пакеты

Примечания

Связанные уязвимости