Tag

Jq

3 briefs RSS

CVE-2026-43894 jq: Wild stack write via signed-integer overflow in decNumber D2U() macro

CVE-2026-43894 is a vulnerability related to jq involving a wild stack write via signed-integer overflow in the decNumber D2U() macro.

jq cve overflow stack write

2r 1c May 13, 2026

medium advisory

jq Vulnerability Allows Security Bypass

1 rule

A local attacker can exploit a vulnerability in jq to bypass security measures.

jq vulnerability security-bypass

1r May 11, 2026

medium advisory

jq JSON Processor Hash Table Collision Denial-of-Service Vulnerability (CVE-2026-40164)

2 rules 1 TTP 1 CVE

A denial-of-service vulnerability exists in jq versions prior to commit 0c7d133c3c7e37c00b6d46b658a02244fdd3c784 due to the use of a hardcoded seed in MurmurHash3, enabling attackers to craft JSON objects that trigger hash collisions and cause excessive CPU consumption.

jq denial-of-service hash-collision CVE-2026-40164 linux

2r 1t 1c Apr 14, 2026