jq Heap-Buffer-Overflow Vulnerability in jv_string_vfmt Function

A heap-buffer-overflow vulnerability has been identified in jq, a command-line JSON processor, in versions through 1.7.1. The issue arises in the jv_string_vfmt function, within the jq_fuzz_execute harness from oss-fuzz. The vulnerability was triggered during fuzz testing, leading to a crash caused by a heap-buffer-overflow error. The problem originates from improper memory allocation, where the allocated buffer size is insufficient, allowing for out-of-bounds memory access.

Impact

Exploitation of this vulnerability leads to a heap-buffer-overflow, a common type of vulnerability that can be exploited to execute arbitrary code or cause a program to crash.

Reproduction

The vulnerability can be reproduced by compiling jq with the build script from oss-fuzz, and then running the jq_fuzz_execute harness with a crafted input that triggers the heap-buffer-overflow. The AddressSanitizer will report the heap-buffer-overflow error, indicating that the vulnerability has been successfully exploited.