CVE-2025-48060

Опубликовано: 21 мая 2025

Источник: ubuntu

Приоритет: medium

EPSS Низкий

CVSS3: 7.5

Описание

jq is a command-line JSON processor. In versions up to and including 1.7.1, a heap-buffer-overflow is present in function jv_string_vfmt in the jq_fuzz_execute harness from oss-fuzz. This crash happens on file jv.c, line 1456 void* p = malloc(sz);. As of time of publication, no patched versions are available.

Релиз	Статус	Примечание
devel	pending	1.8.1-3ubuntu1
esm-apps/bionic	released	1.5+dfsg-2ubuntu0.1~esm1
esm-apps/xenial	released	1.5+dfsg-1ubuntu0.1+esm3
esm-infra-legacy/trusty	not-affected	code not present
esm-infra/focal	released	1.6-1ubuntu0.20.04.1+esm1
focal	ignored	end of standard support, was deferred [2025-05-22]
jammy	released	1.6-2.1ubuntu3.1
noble	released	1.7.1-3ubuntu0.24.04.1
oracular	ignored	end of life, was needed
plucky	released	1.7.1-3ubuntu1.1

Показывать по

Ссылки на источники

EPSS

Процентиль: 25%

0.00081

Низкий

7.5 High

CVSS3

Связанные уязвимости

CVE-2025-48060

CVSS3: 5.5

redhat

3 месяца назад

jq is a command-line JSON processor. In versions up to and including 1.7.1, a heap-buffer-overflow is present in function `jv_string_vfmt` in the jq_fuzz_execute harness from oss-fuzz. This crash happens on file jv.c, line 1456 `void* p = malloc(sz);`. As of time of publication, no patched versions are available.

CVE-2025-48060

CVSS3: 7.5

nvd

3 месяца назад

CVE-2025-48060

CVSS3: 7.5

msrc

9 дней назад

Описание отсутствует

CVE-2025-48060

CVSS3: 7.5

debian

3 месяца назад

jq is a command-line JSON processor. In versions up to and including 1 ...

BDU:2025-06686

CVSS3: 7.5

fstec

3 месяца назад

Уязвимость функции jv_string_vfmt функционального языка программирования jq, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 25%

0.00081

Низкий

7.5 High

CVSS3

CVE-2025-48060

Описание

Пакет jq

Ссылки на источники

Связанные уязвимости