Description
jq is a command-line JSON processor. In versions up to and including 1.7.1, a heap-buffer-overflow is present in function `jv_string_vfmt` in the jq_fuzz_execute harness from oss-fuzz. This crash happens on file jv.c, line 1456 `void* p = malloc(sz);`. As of time of publication, no patched versions are available.
Release | Status | Note |
---|---|---|
devel | deferred | 2025-05-22 |
esm-apps/bionic | deferred | 2025-05-22 |
esm-apps/xenial | deferred | 2025-05-22 |
esm-infra-legacy/trusty | deferred | 2025-05-22 |
esm-infra/focal | deferred | 2025-05-22 |
focal | ignored | end of standard support, was deferred [2025-05-22] |
jammy | deferred | 2025-05-22 |
noble | deferred | 2025-05-22 |
oracular | deferred | 2025-05-22 |
plucky | deferred | 2025-05-22 |
EPSS
Related vulnerabilities
jq is a command-line JSON processor. In versions up to and including 1.7.1, a heap-buffer-overflow is present in function `jv_string_vfmt` in the jq_fuzz_execute harness from oss-fuzz. This crash happens on file jv.c, line 1456 `void* p = malloc(sz);`. As of time of publication, no patched versions are available.
jq is a command-line JSON processor. In versions up to and including 1 ...
Vulnerability in the jv_string_vfmt function of the jq functional programming language that allows an attacker to cause a denial of service