Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2025-48060

jq is a command-line JSON processor. In versions up to and including 1.7.1, a heap-buffer-overflow is present in function `jv_string_vfmt` in the jq_fuzz_execute harness from oss-fuzz. This crash happens on file jv.c, line 1456 `void* p = malloc(sz);`. As of time of publication, no patched versions are available.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 23.9%
CVSS Severity
CVSS v3 Score 7.5
Products affected by CVE-2025-48060
  • Jqlang » Jq » Version: 1.0
    cpe:2.3:a:jqlang:jq:1.0
  • Jqlang » Jq » Version: 1.1
    cpe:2.3:a:jqlang:jq:1.1
  • Jqlang » Jq » Version: 1.2
    cpe:2.3:a:jqlang:jq:1.2
  • Jqlang » Jq » Version: 1.3
    cpe:2.3:a:jqlang:jq:1.3
  • Jqlang » Jq » Version: 1.4
    cpe:2.3:a:jqlang:jq:1.4
  • Jqlang » Jq » Version: 1.5
    cpe:2.3:a:jqlang:jq:1.5
  • Jqlang » Jq » Version: 1.6
    cpe:2.3:a:jqlang:jq:1.6
  • Jqlang » Jq » Version: 1.7
    cpe:2.3:a:jqlang:jq:1.7
  • Jqlang » Jq » Version: 1.7-37-g88f01a7
    cpe:2.3:a:jqlang:jq:1.7-37-g88f01a7
  • Jqlang » Jq » Version: 1.7.1
    cpe:2.3:a:jqlang:jq:1.7.1


Products
Pricing
Contact Us

Shodan ® - All rights reserved