Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2025-10618

Опубликовано: 08 июл. 2025
Источник: oracle-oval
Платформа: Oracle Linux 8

Описание

ELSA-2025-10618: jq security update (MODERATE)

[1.6-11]

  • Fix CVE-2025-48060 AddressSanitizer: stack-buffer-overflow in jq_fuzz_execute (jv_string_vfmt)
  • Resolves: RHEL-92987

[1.6-10]

  • Fix CVE-2024-23337 jq has signed integer overflow in jv.c:jvp_array_write
  • Resolves: RHEL-92968

Обновленные пакеты

Oracle Linux 8

Oracle Linux aarch64

jq

1.6-11.el8_10

jq-devel

1.6-11.el8_10

Oracle Linux x86_64

jq

1.6-11.el8_10

jq-devel

1.6-11.el8_10

Связанные CVE

CVE-2024-23337
CVE-2025-48060

Ссылки на источники

Связанные уязвимости

rocky логотип

RLSA-2025:10618

rocky
8 дней назад

Moderate: jq security update

oracle-oval логотип

ELSA-2025-10585

oracle-oval
около 1 месяца назад

ELSA-2025-10585: jq security update (MODERATE)

ubuntu логотип

CVE-2025-48060

CVSS3: 7.5
ubuntu
3 месяца назад

jq is a command-line JSON processor. In versions up to and including 1.7.1, a heap-buffer-overflow is present in function `jv_string_vfmt` in the jq_fuzz_execute harness from oss-fuzz. This crash happens on file jv.c, line 1456 `void* p = malloc(sz);`. As of time of publication, no patched versions are available.

redhat логотип

CVE-2025-48060

CVSS3: 5.5
redhat
3 месяца назад

jq is a command-line JSON processor. In versions up to and including 1.7.1, a heap-buffer-overflow is present in function `jv_string_vfmt` in the jq_fuzz_execute harness from oss-fuzz. This crash happens on file jv.c, line 1456 `void* p = malloc(sz);`. As of time of publication, no patched versions are available.

nvd логотип

CVE-2025-48060

CVSS3: 7.5
nvd
3 месяца назад

jq is a command-line JSON processor. In versions up to and including 1.7.1, a heap-buffer-overflow is present in function `jv_string_vfmt` in the jq_fuzz_execute harness from oss-fuzz. This crash happens on file jv.c, line 1456 `void* p = malloc(sz);`. As of time of publication, no patched versions are available.