VYPR

rpm package

suse/jq&distro=SUSE Linux Micro 6.0

pkg:rpm/suse/jq&distro=SUSE%20Linux%20Micro%206.0

Vulnerabilities (2)

  • CVE-2025-48060May 21, 2025
    affected < 1.6-5.1fixed 1.6-5.1

    jq is a command-line JSON processor. In versions up to and including 1.7.1, a heap-buffer-overflow is present in function `jv_string_vfmt` in the jq_fuzz_execute harness from oss-fuzz. This crash happens on file jv.c, line 1456 `void* p = malloc(sz);`. As of time of publication,

  • CVE-2024-23337May 21, 2025
    affected < 1.6-4.1fixed 1.6-4.1

    jq is a command-line JSON processor. In versions up to and including 1.7.1, an integer overflow arises when assigning value using an index of 2147483647, the signed integer limit. This causes a denial of service. Commit de21386681c0df0104a99d9d09db23a9b2a78b1e contains a patch fo