Califmonk

**Name of the Vulnerable Software and Affected Versions** jq versions prior to 1.8.2 **Description** The `jv contains()` function recurses into nested arrays and objects without a depth limit. When processing a sufficiently nested input structure, this can lead to C stack exhaustion, causing the application to crash. **Recommendations** Update to a version later than 1.8.1. As a temporary workaround, restrict the use of the `jv contains()` function when processing deeply nested JSON structures.

**Name of the Vulnerable Software and Affected Versions** jq versions prior to 1.8.2 **Description** The bytecode VM's data stack tracks its allocation size using a signed integer. When the stack grows beyond approximately 1 GiB through deeply nested generator forks, the doubling arithmetic overflows. This wrapped value is then passed to `realloc` and subsequently used in a `memmove` operation with offsets influenced by an attacker. **Recommendations** Update to a version later than 1.8.1.

**Name of the Vulnerable Software and Affected Versions** jq versions prior to 1.8.2 **Description** A flaw exists in the `decNumberFromString()` function when processing a number literal containing 2147483646 digits. This causes the `D2U()` macro to overflow during signed-int arithmetic, leading to a wrapped negative value that bypasses heap-allocation size checks. Consequently, the function utilizes a 30-byte stack buffer and writes approximately 1.4 GiB of attacker-controlled data at an offset 1.43 GiB below the stack frame. **Recommendations** Update to a version later than 1.8.1.