Описание
jq is a command-line JSON processor. In versions up to and including 1.7.1, a heap-buffer-overflow is present in function jv_string_vfmt in the jq_fuzz_execute harness from oss-fuzz. This crash happens on file jv.c, line 1456 void* p = malloc(sz);. As of time of publication, no patched versions are available.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 1.8.1-3ubuntu1 |
| esm-apps/bionic | released | 1.5+dfsg-2ubuntu0.1~esm1 |
| esm-apps/xenial | released | 1.5+dfsg-1ubuntu0.1+esm3 |
| esm-infra-legacy/trusty | not-affected | code not present |
| esm-infra/focal | released | 1.6-1ubuntu0.20.04.1+esm1 |
| focal | ignored | end of standard support, was deferred [2025-05-22] |
| jammy | released | 1.6-2.1ubuntu3.1 |
| noble | released | 1.7.1-3ubuntu0.24.04.1 |
| oracular | ignored | end of life, was needed |
| plucky | released | 1.7.1-3ubuntu1.1 |
Показывать по
EPSS
7.5 High
CVSS3
Связанные уязвимости
jq is a command-line JSON processor. In versions up to and including 1.7.1, a heap-buffer-overflow is present in function `jv_string_vfmt` in the jq_fuzz_execute harness from oss-fuzz. This crash happens on file jv.c, line 1456 `void* p = malloc(sz);`. As of time of publication, no patched versions are available.
jq is a command-line JSON processor. In versions up to and including 1.7.1, a heap-buffer-overflow is present in function `jv_string_vfmt` in the jq_fuzz_execute harness from oss-fuzz. This crash happens on file jv.c, line 1456 `void* p = malloc(sz);`. As of time of publication, no patched versions are available.
AddressSanitizer: stack-buffer-overflow in jq_fuzz_execute (jv_string_vfmt)
jq is a command-line JSON processor. In versions up to and including 1 ...
EPSS
7.5 High
CVSS3