CNNVD-202506-2583 Information

CNNVD ID

CNNVD-202506-2583

CVE-2025-49014

  • CNNVD Published: 2025-06-19

Description

jq is a lightweight and flexible command-line JSON processor, open-sourced by jqlang. jq version 1.8.0 contains a resource management error vulnerability, which stems from a use-after-free issue in the function f_strflocaltime in the file /src/builtin.c.

Hazard Level

High

Vulnerability Type

Resource management error

Affected Vendor

jqlang

Published

2025-06-19

Last Modified

2026-02-24

References

https://github.com/jqlang/jq/commit/499c91bca9d4d027833bc62787d1bb075c03680e

https://github.com/jqlang/jq/security/advisories/GHSA-rmjp-cr27-wpg2

Patch

https://github.com/jqlang/jq/releases
