2493030 – (CVE-2026-54679) CVE-2026-54679 jq: jq: Denial of Service via integer overflow and buffer overrun on 32-bit systems

Bug 2493030 (CVE-2026-54679) - CVE-2026-54679 jq: jq: Denial of Service via integer overflow and buffer overrun on 32-bit systems

Summary: CVE-2026-54679 jq: jq: Denial of Service via integer overflow and buffer over...

Keywords:
Status:	NEW
Alias:	CVE-2026-54679
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2493258
Blocks:
TreeView+	depends on / blocked

Reported:	2026-06-25 18:02 UTC by OSIDB Bzimport
Modified:	2026-06-25 22:57 UTC (History)
CC List:	22 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-06-25 18:02:50 UTC

jq is a command-line JSON processor. Prior to 1.8.2, on 32bit system, jvp_string_append has a chance of integer/multiple overflowing and then causing a massive buffer overrun.  This vulnerability is fixed in 1.8.2.

Note You need to log in before you can comment on or make changes to this bug.

amctagga
aoconnor
bniver
dschmidt
erezende
flucifre
gmeno
groman
jlanda
jmitchel
kshier
mbenjamin
mhackett
pbohmill
rhel-process-autobot
simaishi
sostapov
stcannon
teagle
vereddy
watson-tool-maintainers
yguenane