OESA-2025-1809

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1809
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2025-1809.json
JSON Data
https://api.osv.dev/v1/vulns/OESA-2025-1809
Upstream
Published
2025-07-11T12:24:20Z
Modified
2025-09-03T06:31:11.207739Z
Summary
jq security update
Details

jq is a lightweight and flexible command-line JSON processor. You can use it to slice, filter, map, and transform structured data. It is written in portable C and has zero runtime dependencies. It can mangle the data format that you have into the one that you want.

Security Fix(es):

jq is a command-line JSON processor. In versions up to and including 1.7.1, an integer overflow arises when assigning a value using an index of 2147483647, the signed integer limit. This causes a denial of service. Commit de21386681c0df0104a99d9d09db23a9b2a78b1e contains a patch for the issue. (CVE-2024-23337)

jq is a command-line JSON processor. In versions up to and including 1.7.1, a heap-buffer-overflow is present in function `jv_string_vfmt` in the jq_fuzz_execute harness from oss-fuzz. The crash occurs in file jv.c at line 1456, `void* p = malloc(sz);`. As of time of publication, no patched versions are available. (CVE-2025-48060)

jq is a command-line JSON processor. In version 1.8.0, a heap use-after-free vulnerability exists within the function f_strflocaltime of /src/builtin.c. This issue has been patched in commit 499c91b; no known fix version exists at time of publication. (CVE-2025-49014)

Database specific
{
    "severity": "High"
}
References

Affected packages

openEuler:20.03-LTS-SP4
jq

Package

Name
jq
Purl
pkg:rpm/openEuler/jq&distro=openEuler-20.03-LTS-SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.8.0-2.oe2003sp4

Ecosystem specific

{
    "src": [
        "jq-1.8.0-2.oe2003sp4.src.rpm"
    ],
    "noarch": [
        "jq-help-1.8.0-2.oe2003sp4.noarch.rpm"
    ],
    "x86_64": [
        "jq-1.8.0-2.oe2003sp4.x86_64.rpm",
        "jq-debuginfo-1.8.0-2.oe2003sp4.x86_64.rpm",
        "jq-debugsource-1.8.0-2.oe2003sp4.x86_64.rpm",
        "jq-devel-1.8.0-2.oe2003sp4.x86_64.rpm"
    ],
    "aarch64": [
        "jq-1.8.0-2.oe2003sp4.aarch64.rpm",
        "jq-debuginfo-1.8.0-2.oe2003sp4.aarch64.rpm",
        "jq-debugsource-1.8.0-2.oe2003sp4.aarch64.rpm",
        "jq-devel-1.8.0-2.oe2003sp4.aarch64.rpm"
    ]
}

Database specific

source
"https://repo.openeuler.org/security/data/osv/OESA-2025-1809.json"
openEuler:22.03-LTS-SP3
jq

Package

Name
jq
Purl
pkg:rpm/openEuler/jq&distro=openEuler-22.03-LTS-SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.8.0-2.oe2203sp3

Ecosystem specific

{
    "src": [
        "jq-1.8.0-2.oe2203sp3.src.rpm"
    ],
    "noarch": [
        "jq-help-1.8.0-2.oe2203sp3.noarch.rpm"
    ],
    "x86_64": [
        "jq-1.8.0-2.oe2203sp3.x86_64.rpm",
        "jq-debuginfo-1.8.0-2.oe2203sp3.x86_64.rpm",
        "jq-debugsource-1.8.0-2.oe2203sp3.x86_64.rpm",
        "jq-devel-1.8.0-2.oe2203sp3.x86_64.rpm"
    ],
    "aarch64": [
        "jq-1.8.0-2.oe2203sp3.aarch64.rpm",
        "jq-debuginfo-1.8.0-2.oe2203sp3.aarch64.rpm",
        "jq-debugsource-1.8.0-2.oe2203sp3.aarch64.rpm",
        "jq-devel-1.8.0-2.oe2203sp3.aarch64.rpm"
    ]
}

Database specific

source
"https://repo.openeuler.org/security/data/osv/OESA-2025-1809.json"
openEuler:22.03-LTS-SP4
jq

Package

Name
jq
Purl
pkg:rpm/openEuler/jq&distro=openEuler-22.03-LTS-SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.8.0-2.oe2203sp4

Ecosystem specific

{
    "src": [
        "jq-1.8.0-2.oe2203sp4.src.rpm"
    ],
    "noarch": [
        "jq-help-1.8.0-2.oe2203sp4.noarch.rpm"
    ],
    "x86_64": [
        "jq-1.8.0-2.oe2203sp4.x86_64.rpm",
        "jq-debuginfo-1.8.0-2.oe2203sp4.x86_64.rpm",
        "jq-debugsource-1.8.0-2.oe2203sp4.x86_64.rpm",
        "jq-devel-1.8.0-2.oe2203sp4.x86_64.rpm"
    ],
    "aarch64": [
        "jq-1.8.0-2.oe2203sp4.aarch64.rpm",
        "jq-debuginfo-1.8.0-2.oe2203sp4.aarch64.rpm",
        "jq-debugsource-1.8.0-2.oe2203sp4.aarch64.rpm",
        "jq-devel-1.8.0-2.oe2203sp4.aarch64.rpm"
    ]
}

Database specific

source
"https://repo.openeuler.org/security/data/osv/OESA-2025-1809.json"
openEuler:24.03-LTS
jq

Package

Name
jq
Purl
pkg:rpm/openEuler/jq&distro=openEuler-24.03-LTS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.8.0-2.oe2403sp2

Ecosystem specific

{
    "src": [
        "jq-1.8.0-2.oe2403.src.rpm",
        "jq-1.8.0-2.oe2403sp1.src.rpm",
        "jq-1.8.0-2.oe2403sp2.src.rpm"
    ],
    "noarch": [
        "jq-help-1.8.0-2.oe2403.noarch.rpm",
        "jq-help-1.8.0-2.oe2403sp1.noarch.rpm",
        "jq-help-1.8.0-2.oe2403sp2.noarch.rpm"
    ],
    "x86_64": [
        "jq-1.8.0-2.oe2403.x86_64.rpm",
        "jq-debuginfo-1.8.0-2.oe2403.x86_64.rpm",
        "jq-debugsource-1.8.0-2.oe2403.x86_64.rpm",
        "jq-devel-1.8.0-2.oe2403.x86_64.rpm",
        "jq-1.8.0-2.oe2403sp1.x86_64.rpm",
        "jq-debuginfo-1.8.0-2.oe2403sp1.x86_64.rpm",
        "jq-debugsource-1.8.0-2.oe2403sp1.x86_64.rpm",
        "jq-devel-1.8.0-2.oe2403sp1.x86_64.rpm",
        "jq-1.8.0-2.oe2403sp2.x86_64.rpm",
        "jq-debuginfo-1.8.0-2.oe2403sp2.x86_64.rpm",
        "jq-debugsource-1.8.0-2.oe2403sp2.x86_64.rpm",
        "jq-devel-1.8.0-2.oe2403sp2.x86_64.rpm"
    ],
    "aarch64": [
        "jq-1.8.0-2.oe2403.aarch64.rpm",
        "jq-debuginfo-1.8.0-2.oe2403.aarch64.rpm",
        "jq-debugsource-1.8.0-2.oe2403.aarch64.rpm",
        "jq-devel-1.8.0-2.oe2403.aarch64.rpm",
        "jq-1.8.0-2.oe2403sp1.aarch64.rpm",
        "jq-debuginfo-1.8.0-2.oe2403sp1.aarch64.rpm",
        "jq-debugsource-1.8.0-2.oe2403sp1.aarch64.rpm",
        "jq-devel-1.8.0-2.oe2403sp1.aarch64.rpm",
        "jq-1.8.0-2.oe2403sp2.aarch64.rpm",
        "jq-debuginfo-1.8.0-2.oe2403sp2.aarch64.rpm",
        "jq-debugsource-1.8.0-2.oe2403sp2.aarch64.rpm",
        "jq-devel-1.8.0-2.oe2403sp2.aarch64.rpm"
    ]
}

Database specific

source
"https://repo.openeuler.org/security/data/osv/OESA-2025-1809.json"
openEuler:24.03-LTS-SP1
jq

Package

Name
jq
Purl
pkg:rpm/openEuler/jq&distro=openEuler-24.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.8.0-2.oe2403sp1

Ecosystem specific

{
    "src": [
        "jq-1.8.0-2.oe2403sp1.src.rpm"
    ],
    "noarch": [
        "jq-help-1.8.0-2.oe2403sp1.noarch.rpm"
    ],
    "x86_64": [
        "jq-1.8.0-2.oe2403sp1.x86_64.rpm",
        "jq-debuginfo-1.8.0-2.oe2403sp1.x86_64.rpm",
        "jq-debugsource-1.8.0-2.oe2403sp1.x86_64.rpm",
        "jq-devel-1.8.0-2.oe2403sp1.x86_64.rpm"
    ],
    "aarch64": [
        "jq-1.8.0-2.oe2403sp1.aarch64.rpm",
        "jq-debuginfo-1.8.0-2.oe2403sp1.aarch64.rpm",
        "jq-debugsource-1.8.0-2.oe2403sp1.aarch64.rpm",
        "jq-devel-1.8.0-2.oe2403sp1.aarch64.rpm"
    ]
}

Database specific

source
"https://repo.openeuler.org/security/data/osv/OESA-2025-1809.json"
openEuler:24.03-LTS-SP2
jq

Package

Name
jq
Purl
pkg:rpm/openEuler/jq&distro=openEuler-24.03-LTS-SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.8.0-2.oe2403sp2

Ecosystem specific

{
    "src": [
        "jq-1.8.0-2.oe2403sp2.src.rpm"
    ],
    "noarch": [
        "jq-help-1.8.0-2.oe2403sp2.noarch.rpm"
    ],
    "x86_64": [
        "jq-1.8.0-2.oe2403sp2.x86_64.rpm",
        "jq-debuginfo-1.8.0-2.oe2403sp2.x86_64.rpm",
        "jq-debugsource-1.8.0-2.oe2403sp2.x86_64.rpm",
        "jq-devel-1.8.0-2.oe2403sp2.x86_64.rpm"
    ],
    "aarch64": [
        "jq-1.8.0-2.oe2403sp2.aarch64.rpm",
        "jq-debuginfo-1.8.0-2.oe2403sp2.aarch64.rpm",
        "jq-debugsource-1.8.0-2.oe2403sp2.aarch64.rpm",
        "jq-devel-1.8.0-2.oe2403sp2.aarch64.rpm"
    ]
}

Database specific

source
"https://repo.openeuler.org/security/data/osv/OESA-2025-1809.json"