Bug 2390651 (CVE-2025-9403)
| Summary: | CVE-2025-9403 jq: assertion failure in run_jq_tests() of the file jq_test.c | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | unspecified | CC: | adudiak, amctagga, aoconnor, bniver, brainfor, crizzo, flucifre, gmeno, haoli, hkataria, jajackso, jcammara, jmitchel, jneedle, kegrant, koliveir, kshier, ldai, lsharar, lucarval, mabashia, mbenjamin, mhackett, omaciel, pbraun, shvarugh, simaishi, smcdonal, sostapov, stcannon, teagle, tfister, thavo, vereddy, yguenane |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: |
A vulnerability has been identified in the jq JSON processor where malformed JSON input containing invalid Unicode escape sequences can trigger an assertion failure in the test suite’s parsing consistency checks. This flaw arises from inconsistencies between expected and reparsed JSON values during serialization and deserialization, potentially allowing an attacker to exploit the issue by supplying specially crafted JSON data to cause abnormal termination or denial of service during test execution, highlighting weaknesses in jq’s parsing reliability.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2390987, 2390988 | ||
| Bug Blocks: | |||
|
Description
OSIDB Bzimport
2025-08-25 03:01:14 UTC
|