From: Anton Skorup <[email protected]> CVE details: https://vulert.com/vuln-db/--4743
Signed-off-by: Anton Skorup <[email protected]> --- v3 * Rebased to master-next v2 * Added patch to stack of jq CVEs --- .../jq/jq/CVE-2026-49389.patch | 31 +++++++++++++++++++ meta-oe/recipes-devtools/jq/jq_1.8.1.bb | 1 + 2 files changed, 32 insertions(+) create mode 100644 meta-oe/recipes-devtools/jq/jq/CVE-2026-49389.patch diff --git a/meta-oe/recipes-devtools/jq/jq/CVE-2026-49389.patch b/meta-oe/recipes-devtools/jq/jq/CVE-2026-49389.patch new file mode 100644 index 0000000000..3189158b4a --- /dev/null +++ b/meta-oe/recipes-devtools/jq/jq/CVE-2026-49389.patch @@ -0,0 +1,31 @@ +From e987df0d463d85fd70825e042a082427e8275b86 Mon Sep 17 00:00:00 2001 +From: itchyny <[email protected]> +Date: Mon, 8 Jun 2026 22:14:48 +0900 +Subject: [PATCH] Fix heap-buffer-overflow in raw file loading + +When `jv_string_append_buf` overflows the string length limit, +it returns an invalid `jv`; `jv_load_file` then re-entered it +on the invalid value and overran the heap. Break out of the loop +once the value is invalid. + +Fixes CVE-2026-49839. + +Signed-off-by: Anton Skorup <[email protected]> +Upstream-Status: Backport [https://github.com/jqlang/jq/commit/e987df0d463d85fd70825e042a082427e8275b86] +--- + src/jv_file.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/jv_file.c b/src/jv_file.c +index 7706b0e06e..fbc1e4d653 100644 +--- a/src/jv_file.c ++++ b/src/jv_file.c +@@ -57,6 +57,8 @@ jv jv_load_file(const char* filename, int raw) { + + if (raw) { + data = jv_string_append_buf(data, buf, n); ++ if (!jv_is_valid(data)) ++ break; + } else { + jv_parser_set_buf(parser, buf, n, !feof(file)); + jv value; diff --git a/meta-oe/recipes-devtools/jq/jq_1.8.1.bb b/meta-oe/recipes-devtools/jq/jq_1.8.1.bb index 14e77c1bc6..e1791ad099 100644 --- a/meta-oe/recipes-devtools/jq/jq_1.8.1.bb +++ b/meta-oe/recipes-devtools/jq/jq_1.8.1.bb @@ -18,6 +18,7 @@ SRC_URI = "git://github.com/jqlang/jq.git;protocol=https;branch=master;tag=jq-${ file://CVE-2026-33948.patch \ file://CVE-2026-39979.patch \ file://CVE-2026-47770.patch \ + file://CVE-2026-49389.patch \ file://CVE-2026-49839.patch \ " -- 2.43.0
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#127628): https://lists.openembedded.org/g/openembedded-devel/message/127628 Mute This Topic: https://lists.openembedded.org/mt/119846935/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
