PT-2026-32546 · Jq+3
Ho-9
Published 2026-04-13 · Updated 2026-05-24
CVE-2026-39979
CVSS v2.0: 9.4 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:C
Name of the Vulnerable Software and Affected Versions: jq versions prior to 2f09060afab23fe9390cce7cb860b10416e1bf5f

Description: The jv_parse_sized() API in libjq accepts a counted buffer with an explicit length parameter. Its error-handling path, however, formats the input buffer with %s in jv_string_fmt(), which reads until it finds a NUL terminator instead of respecting the supplied length. When malformed JSON is passed in a buffer that is not NUL-terminated, the error-construction logic reads out of bounds past the end of the buffer. Depending on the memory layout, this can disclose memory or terminate the process.

Recommendations: Update to version 2f09060afab23fe9390cce7cb860b10416e1bf5f.
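To make the defect class concrete, the following is an added illustrative C example and not libjq's code: a hypothetical error formatter for a counted buffer, written once with %s (the pattern the description attributes to the vulnerable path) and once bounded with %.*s (the pattern a fix needs). The function names and the sample buffer are constructed for this illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical model of the bug class, not the libjq functions. Each
 * formatter receives a counted buffer (pointer + len) that may not be
 * NUL-terminated, and writes an error message into `out`. */

/* Defective variant: "%s" ignores `len` and scans for a NUL terminator,
 * so it reads whatever lies beyond the buffer (CWE-125). */
int format_error_unsafe(char *out, size_t outsz,
                        const char *buf, size_t len) {
    (void)len;  /* the explicit length is silently dropped */
    return snprintf(out, outsz, "parse error near: %s", buf);
}

/* Fixed variant: "%.*s" caps the read at exactly `len` bytes, so a
 * missing terminator can no longer cause an over-read. */
int format_error_safe(char *out, size_t outsz,
                      const char *buf, size_t len) {
    return snprintf(out, outsz, "parse error near: %.*s", (int)len, buf);
}

/* Returns 1 when the unsafe formatter copies bytes beyond `len` while the
 * bounded one stops at `len`. The "beyond" bytes live in the same backing
 * array here, so the demonstration itself has no undefined behaviour. */
int bug_demo(void) {
    /* Constructed input: 9 bytes of malformed JSON followed, without an
     * intervening NUL, by unrelated data the caller never meant to expose. */
    static const char backing[] = "{bad json" "ADJACENT-SECRET";
    size_t len = 9;
    char unsafe_msg[128], safe_msg[128];
    format_error_unsafe(unsafe_msg, sizeof unsafe_msg, backing, len);
    format_error_safe(safe_msg, sizeof safe_msg, backing, len);
    int unsafe_leaks = strstr(unsafe_msg, "ADJACENT-SECRET") != NULL;
    int safe_leaks   = strstr(safe_msg,   "ADJACENT-SECRET") != NULL;
    return unsafe_leaks && !safe_leaks;
}

int main(void) {
    char msg[128];
    format_error_safe(msg, sizeof msg, "{bad json", 9);
    printf("%s\n", msg);           /* prints: parse error near: {bad json */
    return bug_demo() ? 0 : 1;
}
```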

Weakness Enumeration: Out-of-bounds Read

Related Identifiers

ALSA-2026:16252
ALSA-2026:16692
ALSA-2026:16693
ALSA-2026:19151
ALSA-2026:19365
BDU:2026-05572
CVE-2026-39979
ECHO-8163-2CAB-0C0F
OESA-2026-1981
OPENSUSE-SU-2026:10850-1
RHSA-2026:16252
RHSA-2026:16692
RHSA-2026:16693
RHSA-2026:18040
RHSA-2026:18042
RHSA-2026:18043
RHSA-2026:18044
RHSA-2026:18045
RHSA-2026:18046
RHSA-2026:18047
RHSA-2026:18048
RHSA-2026:19151
RHSA-2026:19365
RHSA-2026:8579
USN-8202-1
USN-8202-2

Affected Products

Linuxmint
Rocky Linux
Ubuntu
Jq