Description
jq is a command-line JSON processor. In versions up to and including 1.7.1, an integer overflow arises when assigning a value using an index of 2147483647, the signed integer limit. This causes a denial of service. Commit de21386681c0df0104a99d9d09db23a9b2a78b1e contains a patch for the issue.
A flaw was found in jq, a command line JSON processor. An integer overflow can occur when attempting to assign a value using an array index of 2147483647 or when creating an array with 2147483647 elements, the maximum value for a 32-bit signed integer. This issue causes out-of-bounds memory access and results in a denial of service.
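The bug class described above, as an added C example that is not jq's code and not part of the advisory. It assumes a growable array whose required length is computed as index + 1 (the names `int_array`, `needed_len_wrapping`, `needed_len_checked`, `array_set` and the cap `ARRAY_MAX_LEN` are hypothetical), and shows why index 2147483647 wraps and how a bounds check placed before the arithmetic rejects it.

```c
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

#define ARRAY_MAX_LEN (1 << 20) /* assumed policy cap, not a jq constant */

struct int_array { int *items; int len; }; /* hypothetical, not jq's type */

/* Flawed length computation: idx + 1 is not representable in int when
 * idx == INT_MAX. The wrap is done in unsigned arithmetic so the demo
 * avoids the undefined behaviour a plain `idx + 1` on int would have. */
int needed_len_wrapping(int idx) {
    return (int)((unsigned int)idx + 1u);
}

/* Checked computation: reject the index before doing any arithmetic. */
int needed_len_checked(int idx) {
    if (idx < 0 || idx >= ARRAY_MAX_LEN)
        return -1;
    return idx + 1;
}

/* a[idx] = value, growing with zero fill. Returns 0 on success,
 * -1 if the index is rejected or memory cannot be allocated. */
int array_set(struct int_array *a, int idx, int value) {
    int need = needed_len_checked(idx);
    if (need < 0)
        return -1;
    if (need > a->len) {
        int *p = realloc(a->items, (size_t)need * sizeof *p);
        if (p == NULL)
            return -1;
        for (int i = a->len; i < need; i++)
            p[i] = 0;
        a->items = p;
        a->len = need;
    }
    a->items[idx] = value;
    return 0;
}

int main(void) {
    struct int_array a = {NULL, 0};
    printf("wrapped length for INT_MAX: %d\n", needed_len_wrapping(INT_MAX));
    printf("array_set at INT_MAX: %d\n", array_set(&a, INT_MAX, 7));
    printf("array_set at 4: %d (len %d)\n", array_set(&a, 4, 7), a.len);
    free(a.items);
    return 0;
}
```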
Report
To exploit this flaw, an attacker needs to trick a user into processing a specially crafted JSON input, which triggers an integer overflow and crashes jq with no other security impact. For these reasons, this flaw has been rated with a Moderate severity.
Mitigation
Do not process untrusted input with the jq command line JSON processor.
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat Ansible Automation Platform 2 | automation-controller | Fix deferred | | |
Red Hat Ceph Storage 4 | jq | Fix deferred | | |
Red Hat OpenShift Container Platform 4 | rhcos | Fix deferred | | |
Red Hat Enterprise Linux 10 | jq | Fixed | RHSA-2025:12882 | 05.08.2025 |
Red Hat Enterprise Linux 8 | jq | Fixed | RHSA-2025:10618 | 08.07.2025 |
Red Hat Enterprise Linux 8.2 Advanced Update Support | jq | Fixed | RHSA-2025:10622 | 08.07.2025 |
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | jq | Fixed | RHSA-2025:10621 | 08.07.2025 |
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | jq | Fixed | RHSA-2025:10620 | 08.07.2025 |
Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On | jq | Fixed | RHSA-2025:10620 | 08.07.2025 |
Red Hat Enterprise Linux 8.6 Telecommunications Update Service | jq | Fixed | RHSA-2025:10620 | 08.07.2025 |
Additional information
Status:
4.3 Medium
CVSS3