Highitchy

**Name of the Vulnerable Software and Affected Versions** jq versions prior to 1.8.2 **Description** An integer overflow occurs within the `jvp string append()` and `jvp string copy replace bad()` functions when concatenating strings with a combined length exceeding 2^31 bytes. This leads to a 32-bit unsigned integer overflow during the buffer allocation size calculation, resulting in an undersized heap buffer. Subsequent memory copy operations write the full string data into this buffer, causing a heap-based buffer overflow. This issue stems from a lack of string size bounds checking. An attacker can exploit this by crafting queries that produce extremely large strings to crash the process or achieve heap corruption. **Recommendations** Update to a version later than 1.8.1.