jq is a command-line JSON processor. In versions up to and including 1.7.1, a heap-buffer-overflow is present in function `jv_string_vfmt` in the jq_fuzz_execute harness from oss-fuzz. This crash happens on file jv.c, line 1456 `void* p = malloc(sz);`. As of time of publication, no patched versions are available.
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2025:10585 https://access.redhat.com/errata/RHSA-2025:10585
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.4 Extended Update Support Via RHSA-2025:10613 https://access.redhat.com/errata/RHSA-2025:10613
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Via RHSA-2025:10616 https://access.redhat.com/errata/RHSA-2025:10616
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Via RHSA-2025:10615 https://access.redhat.com/errata/RHSA-2025:10615
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions Red Hat Enterprise Linux 8.8 Telecommunications Update Service Via RHSA-2025:10619 https://access.redhat.com/errata/RHSA-2025:10619
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Via RHSA-2025:10621 https://access.redhat.com/errata/RHSA-2025:10621
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Advanced Update Support Via RHSA-2025:10622 https://access.redhat.com/errata/RHSA-2025:10622
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2025:10618 https://access.redhat.com/errata/RHSA-2025:10618
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Red Hat Enterprise Linux 8.6 Telecommunications Update Service Red Hat Enterprise Linux 8.6 Extended Update Support EXTENSION Via RHSA-2025:10620 https://access.redhat.com/errata/RHSA-2025:10620
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.19 Via RHSA-2025:11363 https://access.redhat.com/errata/RHSA-2025:11363
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.16 Via RHSA-2025:11681 https://access.redhat.com/errata/RHSA-2025:11681
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.18 Via RHSA-2025:11677 https://access.redhat.com/errata/RHSA-2025:11677
This issue has been addressed in the following products: Red Hat Enterprise Linux 10 Via RHSA-2025:12882 https://access.redhat.com/errata/RHSA-2025:12882
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.17 Via RHSA-2025:12437 https://access.redhat.com/errata/RHSA-2025:12437
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.15 Via RHSA-2025:14396 https://access.redhat.com/errata/RHSA-2025:14396
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.14 Via RHSA-2025:14853 https://access.redhat.com/errata/RHSA-2025:14853
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.13 Via RHSA-2025:15672 https://access.redhat.com/errata/RHSA-2025:15672