rpm package
opensuse/jq&distro=openSUSE Leap 15.6
pkg:rpm/opensuse/jq&distro=openSUSE%20Leap%2015.6
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-9403 | Low | 3.3 | | < 1.6-150000.3.12.1 | 1.6-150000.3.12.1 | Aug 25, 2025 | A vulnerability was determined in jqlang jq up to 1.6. Impacted is the function run_jq_tests of the file jq_test.c of the component JSON Parser. Executing manipulation can lead to reachable assertion. The attack requires local access. The exploit has been publicly disclosed and m |
| CVE-2025-48060 | — | | | < 1.6-150000.3.9.1 | 1.6-150000.3.9.1 | May 21, 2025 | jq is a command-line JSON processor. In versions up to and including 1.7.1, a heap-buffer-overflow is present in function `jv_string_vfmt` in the jq_fuzz_execute harness from oss-fuzz. This crash happens on file jv.c, line 1456 `void* p = malloc(sz);`. As of time of publication, |
| CVE-2024-23337 | — | | | < 1.6-150000.3.6.1 | 1.6-150000.3.6.1 | May 21, 2025 | jq is a command-line JSON processor. In versions up to and including 1.7.1, an integer overflow arises when assigning value using an index of 2147483647, the signed integer limit. This causes a denial of service. Commit de21386681c0df0104a99d9d09db23a9b2a78b1e contains a patch fo |