CVE-2026-54679

jq is a command-line JSON processor. Prior to 1.8.2, on 32bit system, jvp_string_append has a chance of integer/multiple overflowing and then causing a massive buffer overrun. This vulnerability is fixed in 1.8.2.
Configurations

Configuration 1 (hide)

cpe:2.3:a:jqlang:jq:*:*:*:*:*:*:*:*

History

26 Jun 2026, 18:53

Type Values Removed Values Added
CPE cpe:2.3:a:jqlang:jq:*:*:*:*:*:*:*:*
First Time Jqlang jq
Jqlang
References () https://github.com/jqlang/jq/security/advisories/GHSA-29gj-222p-j7vx - () https://github.com/jqlang/jq/security/advisories/GHSA-29gj-222p-j7vx - Vendor Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.5

25 Jun 2026, 18:16

Type Values Removed Values Added
New CVE

Information

Published : 2026-06-25 18:16

Updated : 2026-06-26 18:53


NVD link : CVE-2026-54679

Mitre link : CVE-2026-54679

CVE.ORG link : CVE-2026-54679


JSON object : View

Products Affected

jqlang

  • jq
CWE
CWE-190

Integer Overflow or Wraparound