Описание
ELSA-2025-12882: jq security update (MODERATE)
[1.7.1-8.el10_0.1]
- jq: jq has signed integer overflow in jv.c:jvp_array_write (CVE-2024-23337)
- jq: AddressSanitizer: stack-buffer-overflow in jq_fuzz_execute (jv_string_vfmt) (CVE-2025-48060)
Обновленные пакеты
Oracle Linux 10
Oracle Linux aarch64
jq
1.7.1-8.el10_0.1
jq-devel
1.7.1-8.el10_0.1
Oracle Linux x86_64
jq
1.7.1-8.el10_0.1
jq-devel
1.7.1-8.el10_0.1
Связанные CVE
Связанные уязвимости
jq is a command-line JSON processor. In versions up to and including 1.7.1, a heap-buffer-overflow is present in function `jv_string_vfmt` in the jq_fuzz_execute harness from oss-fuzz. This crash happens on file jv.c, line 1456 `void* p = malloc(sz);`. As of time of publication, no patched versions are available.
jq is a command-line JSON processor. In versions up to and including 1.7.1, a heap-buffer-overflow is present in function `jv_string_vfmt` in the jq_fuzz_execute harness from oss-fuzz. This crash happens on file jv.c, line 1456 `void* p = malloc(sz);`. As of time of publication, no patched versions are available.