Updated: 2026-02-27 03:13:44.744746
Description:
A vulnerability was identified in jqlang jq up to 1.6. It affects the function run_jq_tests in the file jq_test.c of the JSON Parser component. Manipulation can trigger a reachable assertion. The attack requires local access. The exploit has been publicly disclosed and may be used. Other versions might be affected as well.

| CVSS version | Severity | Score |
|---|---|---|
| CVSS Version 2.x | | 0.0 |
| CVSS Version 3.x | MEDIUM | 5.5 |

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | jq | 1.6 | 5.5 | MEDIUM | Ignored | | 2025-09-30 16:07:15 | This issue is confined to jq’s internal test framework (run_jq_tests in jq_test.c) and is not exer... |
| TuxCare 9.6 ESU | jq | 1.6 | 5.5 | MEDIUM | Ignored | | 2025-12-19 04:04:25 | CVE-2025-9403 is confined to jq’s internal test harness (run_jq_tests in jq_test.c) and is only re... |