rpm package
suse/jq&distro=SUSE Linux Micro 6.1
pkg:rpm/suse/jq&distro=SUSE%20Linux%20Micro%206.1
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-48060 | — | | | < 1.7.1-slfo.1.1_2.1 | 1.7.1-slfo.1.1_2.1 | May 21, 2025 | jq is a command-line JSON processor. In versions up to and including 1.7.1, a heap-buffer-overflow is present in function `jv_string_vfmt` in the jq_fuzz_execute harness from oss-fuzz. This crash happens on file jv.c, line 1456 `void* p = malloc(sz);`. As of time of publication, |
| CVE-2024-23337 | — | | | < 1.7.1-slfo.1.1_2.1 | 1.7.1-slfo.1.1_2.1 | May 21, 2025 | jq is a command-line JSON processor. In versions up to and including 1.7.1, an integer overflow arises when assigning value using an index of 2147483647, the signed integer limit. This causes a denial of service. Commit de21386681c0df0104a99d9d09db23a9b2a78b1e contains a patch fo |
| CVE-2024-53427 | — | | | < 1.7.1-slfo.1.1_2.1 | 1.7.1-slfo.1.1_2.1 | Feb 26, 2025 | decNumberCopy in decNumber.c in jq through 1.7.1 does not properly consider that NaN is interpreted as numeric, which has a resultant stack-based buffer overflow and out-of-bounds write, as demonstrated by use of --slurp with subtraction, such as a filter of .-. when the input ha |