CVE-2025-48060

HIGH Year: 2025
Weakness Type
CWE-121
View all →

Vulnerability Description

jq is a command-line JSON processor. In versions up to and including 1.7.1, a heap-buffer-overflow is present in function `jv_string_vfmt` in the jq_fuzz_execute harness from oss-fuzz. This crash happens on file jv.c, line 1456 `void* p = malloc(sz);`. As of time of publication, no patched versions are available.

Related Vulnerabilities

CVE-2020-14498

CRITICAL
CVSS:10.0(Critical)

HMS Industrial Networks AB eCatcher all versions prior to 6.5.5 is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code.

CWE-1212020

CVE-2021-21960

CRITICAL
CVSS:10.0(Critical)

A stack-based buffer overflow vulnerability exists in both the LLMNR functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted network packet can lead to remote code executi...

CWE-1212021

CVE-2021-21961

CRITICAL
CVSS:10.0(Critical)

A stack-based buffer overflow vulnerability exists in the NBNS functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted network packet can lead to remote code execution. An...

CWE-1212021

CVE-2022-32454

CRITICAL
CVSS:10.0(Critical)

A stack-based buffer overflow vulnerability exists in the XCMD setIPCam functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted XCMD can lead to remote cod...

CWE-1212022

CVE-2023-3943

CRITICAL
CVSS:10.0(Critical)

Stack-based Buffer Overflow vulnerability in ZkTeco-based OEM devices allows, in some cases, the execution of arbitrary code. Due to the lack of protection mechanisms such as stack canaries and PIE, i...

CWE-1212023

CVE-2024-36258

CRITICAL
CVSS:10.0(Critical)

A stack-based buffer overflow vulnerability exists in the touchlist_sync.cgi touchlistsync() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary ...

CWE-1212024