CNNVD-202508-3014 Information

CNNVD ID

CNNVD-202508-3014

Related CVE

CVE-2025-9403

• CNNVD Published: 2025-08-25

Description (Chinese)

jq是jqlang开源的一个轻量级且灵活的命令行 JSON 处理器。 jq 1.6及之前版本存在安全漏洞，该漏洞源于文件jq_test.c中run_jq_tests函数存在可达断言。

Description (English)

jq is a lightweight and flexible command line of the jqlang open source. There is a security loophole in the jq 1.6 and previous versions, which stems from the existence of an acclaimable version of the Run jq tests function in document jq test.c.

Hazard Level

Critical

Vulnerability Type

其他

Affected Vendor

jqlang

Published

2025-08-25

Last Modified

2026-02-24

References

https://vuldb.com/?submit.633170 https://github.com/jqlang/jq/issues/3393 https://vuldb.com/?id.321239 https://vuldb.com/?ctiid.321239 https://drive.google.com/file/d/1r8m9PhU_rk-QPj6OMcs415FcvWPD-zJY/view?usp=sharing https://nvd.nist.gov/vuln/detail/CVE-2025-9403

Patch

https://jqlang.org/