{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-48060", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2025-05-15T16:06:40.940Z", "datePublished": "2025-05-21T17:32:43.602Z", "dateUpdated": "2025-05-21T18:39:28.901Z"}, "containers": {"cna": {"title": "AddressSanitizer: stack-buffer-overflow in jq_fuzz_execute (jv_string_vfmt)", "problemTypes": [{"descriptions": [{"cweId": "CWE-121", "lang": "en", "description": "CWE-121: Stack-based Buffer Overflow", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P", "version": "4.0"}}], "references": [{"name": "https://github.com/jqlang/jq/security/advisories/GHSA-p7rr-28xf-3m5w", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/jqlang/jq/security/advisories/GHSA-p7rr-28xf-3m5w"}], "affected": [{"vendor": "jqlang", "product": "jq", "versions": [{"version": "<= 1.7.1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-05-21T17:32:43.602Z"}, "descriptions": [{"lang": "en", "value": "jq is a command-line JSON processor. In versions up to and including 1.7.1, a heap-buffer-overflow is present in function `jv_string_vfmt` in the jq_fuzz_execute harness from oss-fuzz. This crash happens on file jv.c, line 1456 `void* p = malloc(sz);`. As of time of publication, no patched versions are available."}], "source": {"advisory": "GHSA-p7rr-28xf-3m5w", "discovery": "UNKNOWN"}}, "adp": [{"references": [{"url": "https://github.com/jqlang/jq/security/advisories/GHSA-p7rr-28xf-3m5w", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-21T18:39:23.263839Z", "id": "CVE-2025-48060", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-21T18:39:28.901Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-48060", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-21T18:39:23.263839Z"}}}], "references": [{"url": "https://github.com/jqlang/jq/security/advisories/GHSA-p7rr-28xf-3m5w", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-21T18:39:15.439Z"}}], "cna": {"title": "AddressSanitizer: stack-buffer-overflow in jq_fuzz_execute (jv_string_vfmt)", "source": {"advisory": "GHSA-p7rr-28xf-3m5w", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 7.7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE"}}], "affected": [{"vendor": "jqlang", "product": "jq", "versions": [{"status": "affected", "version": "<= 1.7.1"}]}], "references": [{"url": "https://github.com/jqlang/jq/security/advisories/GHSA-p7rr-28xf-3m5w", "name": "https://github.com/jqlang/jq/security/advisories/GHSA-p7rr-28xf-3m5w", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "jq is a command-line JSON processor. In versions up to and including 1.7.1, a heap-buffer-overflow is present in function `jv_string_vfmt` in the jq_fuzz_execute harness from oss-fuzz. This crash happens on file jv.c, line 1456 `void* p = malloc(sz);`. As of time of publication, no patched versions are available."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-121", "description": "CWE-121: Stack-based Buffer Overflow"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-05-21T17:32:43.602Z"}}}, "cveMetadata": {"cveId": "CVE-2025-48060", "state": "PUBLISHED", "dateUpdated": "2025-05-21T18:39:28.901Z", "dateReserved": "2025-05-15T16:06:40.940Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2025-05-21T17:32:43.602Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jqlang:jq:*:*:*:*:*:*:*:*", "matchCriteriaId": "C4AFD89F-511E-4436-9D4F-28E33F0785DE", "versionEndIncluding": "1.7.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "jq is a command-line JSON processor. In versions up to and including 1.7.1, a heap-buffer-overflow is present in function `jv_string_vfmt` in the jq_fuzz_execute harness from oss-fuzz. This crash happens on file jv.c, line 1456 `void* p = malloc(sz);`. As of time of publication, no patched versions are available."}, {"lang": "es", "value": "jq es un procesador JSON de l\u00ednea de comandos. En versiones hasta la 1.7.1 (incluida), se produce un desbordamiento del b\u00fafer de pila en la funci\u00f3n `jv_string_vfmt` del arn\u00e9s `jq_fuzz_execute` de oss-fuzz. Este fallo ocurre en el archivo `jv.c`, l\u00ednea 1456 `void* p = malloc(sz);`. Al momento de la publicaci\u00f3n, no hay versiones parcheadas disponibles."}], "id": "CVE-2025-48060", "lastModified": "2025-06-20T17:39:13.377", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2025-05-21T18:15:53.037", "references": [{"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/jqlang/jq/security/advisories/GHSA-p7rr-28xf-3m5w"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/jqlang/jq/security/advisories/GHSA-p7rr-28xf-3m5w"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-121"}], "source": "security-advisories@github.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2025:10618", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "jq-0:1.6-11.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-07-08T00:00:00Z"}, {"advisory": "RHSA-2025:10622", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "jq-0:1.5-12.el8_2.1", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2025-07-08T00:00:00Z"}, {"advisory": "RHSA-2025:10621", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "jq-0:1.5-12.el8_4.4", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2025-07-08T00:00:00Z"}, {"advisory": "RHSA-2025:10620", "cpe": "cpe:/a:redhat:rhel_aus:8.6", "package": "jq-0:1.6-3.el8_6.1", "product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date": "2025-07-08T00:00:00Z"}, {"advisory": "RHSA-2025:10620", "cpe": "cpe:/a:redhat:rhel_eus_long_life:8.6", "package": "jq-0:1.6-3.el8_6.1", "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support EXTENSION", "release_date": "2025-07-08T00:00:00Z"}, {"advisory": "RHSA-2025:10620", "cpe": "cpe:/a:redhat:rhel_tus:8.6", "package": "jq-0:1.6-3.el8_6.1", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2025-07-08T00:00:00Z"}, {"advisory": "RHSA-2025:10620", "cpe": "cpe:/a:redhat:rhel_e4s:8.6", "package": "jq-0:1.6-3.el8_6.1", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2025-07-08T00:00:00Z"}, {"advisory": "RHSA-2025:10619", "cpe": "cpe:/a:redhat:rhel_tus:8.8", "package": "jq-0:1.6-6.el8_8.3", "product_name": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service", "release_date": "2025-07-08T00:00:00Z"}, {"advisory": "RHSA-2025:10619", "cpe": "cpe:/a:redhat:rhel_e4s:8.8", "package": "jq-0:1.6-6.el8_8.3", "product_name": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions", "release_date": "2025-07-08T00:00:00Z"}, {"advisory": "RHSA-2025:10585", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "jq-0:1.6-17.el9_6.2", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-07-08T00:00:00Z"}, {"advisory": "RHSA-2025:10616", "cpe": "cpe:/a:redhat:rhel_e4s:9.0", "package": "jq-0:1.6-12.el9_0.1", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2025-07-08T00:00:00Z"}, {"advisory": "RHSA-2025:10615", "cpe": "cpe:/a:redhat:rhel_e4s:9.2", "package": "jq-0:1.6-15.el9_2.2", "product_name": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions", "release_date": "2025-07-08T00:00:00Z"}, {"advisory": "RHSA-2025:10613", "cpe": "cpe:/o:redhat:rhel_eus:9.4", "package": "jq-0:1.6-16.el9_4.1", "product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date": "2025-07-08T00:00:00Z"}], "bugzilla": {"description": "jq: AddressSanitizer: stack-buffer-overflow in jq_fuzz_execute (jv_string_vfmt)", "id": "2367842", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367842"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-126", "details": ["jq is a command-line JSON processor. In versions up to and including 1.7.1, a heap-buffer-overflow is present in function `jv_string_vfmt` in the jq_fuzz_execute harness from oss-fuzz. This crash happens on file jv.c, line 1456 `void* p = malloc(sz);`. As of time of publication, no patched versions are available.", "A flaw was found in jq, a command line JSON processor. A specially crafted input can cause a heap-based buffer over-read when formatting an empty string because it was not properly null-terminated, causing a crash and resulting in a denial of service."], "mitigation": {"lang": "en:us", "value": "Do not process untrusted input with the jq command line JSON processor."}, "name": "CVE-2025-48060", "package_state": [{"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Affected", "package_name": "automation-controller", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ceph_storage:4", "fix_state": "Affected", "package_name": "jq", "product_name": "Red Hat Ceph Storage 4"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "jq", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "rhcos", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2025-05-21T17:32:43Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-48060\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-48060\nhttps://github.com/jqlang/jq/security/advisories/GHSA-p7rr-28xf-3m5w"], "statement": "To exploit this flaw, an attacker needs to trick a user into processing a specially crafted JSON input, allowing an attacker to trigger a buffer over-read of 2 bytes and cause a crash in jq with no other security impact. Due to these reasons, this flaw has been rated with a Moderate severity.\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-126: Buffer Over-read vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\nMemory access boundaries are enforced through secure coding practices, including bounds checking and automated detection of over-read conditions during development. Static analysis and peer reviews catch improper memory handling early, reducing the risk of vulnerabilities reaching production. Memory protection mechanisms restrict access to allocated regions at runtime, and process isolation contains memory faults within the affected workload. Additionally, a defense-in-depth monitoring strategy supports real-time detection of anomalous memory activity, enabling rapid response and limiting potential impact.", "threat_severity": "Moderate"}