INFSA-2025:10585: jq security update
Information about definition
Identifier: INFSA-2025:10585
Type: security
Release date: 2025-07-17 21:45:06 UTC
Information about package
jq is a lightweight and flexible command-line JSON processor. jq is like sed for JSON data. You can use it to slice, filter, map, or transform structured data with the same ease that sed, awk, grep, or similar applications allow you to manipulate text.
Vulnerabilities description
- CVE-2024-23337
An integer overflow arises when assigning a value using an index of 2147483647, the signed integer limit. This causes a denial of service.
- CVE-2025-48060
A flaw was found in jq, a command line JSON processor. A specially crafted input can cause a heap-based buffer over-read when formatting an empty string because it was not properly null-terminated, causing a crash and resulting in a denial of service.
Severity level
CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
---|---|---|---|
NIST — CVE-2024-23337 | no information | 4.3 | no information |
NIST — CVE-2025-48060 | no information | 5.5 | no information |
Updated packages