ANT-2026-EBDTPNVH · jq

heap-buffer-overflow medium

CVE-2026-32316

Severity Claude medium · Security research firm medium · Maintainer unknown

Discovered by Claude Mythos Preview

REPORT

Anthropic's analysis, sealed at approval. Disclosure to the maintainer was performed by Trail of Bits.

ANT-2026-EBDTPNVH: Integer overflow in string concatenation leading to 1 GB memcpy heap buffer overflow

An integer overflow during string concatenation leads to a 1 GB memcpy heap buffer overflow.

Target

Project: jq
Discovery: static analysis — not yet dynamically reproduced

Technical Details

The root cause is an integer overflow in the string-concatenation size calculation; the resulting undersized buffer is then overflowed by a ~1 GB memcpy.

Reproduction

This finding was identified by static analysis and has not yet been dynamically reproduced. The Technical Details section above describes the code path; a trigger input is not included.

[No reproducer or sanitizer output attached — request from cvd@anthropic.com if needed.]

Acknowledgement

This vulnerability was discovered by Claude, Anthropic's AI assistant, and triaged by the Anthropic security team in collaboration with Anthropic Research. Please direct questions to security-cvd@anthropic.com and reference ANT-2026-EBDTPNVH.

Reference: ANT-2026-EBDTPNVH
Anthropic CVD Policy: https://anthropic.com/security/cvd-policy

SECURITY RESEARCH FIRM ANALYSIS

Triage and disclosure were performed by Trail of Bits.

Verdict
true positive
Severity
medium
TIMELINE

Dates from discovery through public reveal.

  1. 2026-03-29 Reported to tracker
  2. 2026-05-07 Sent to maintainer
  3. 2026-05-07 Patch released
  4. 2026-05-07 Maintainer acknowledged
  5. 2026-05-20 Publicly revealed
PROVENANCE

SHA-3-512 hash:

e58a8b9eeba1e34b6155b568522e0ed14fbaab99b1699e170f1bb129f78dd3b8ad1baf7997acbfbd05c8a10c16ffad6f5cda3bd7b6798efd06569cd55df3c1a9

Committed 2026-05-07 00:00 PT

Revealed 2026-05-20 00:40 PT

Verify (download preimage.json)

Show preimage JSON 
{
  "ant_id": "ANT-2026-EBDTPNVH",
  "bug_class": "Heap Buffer Overflow",
  "claude_severity": "medium",
  "commit_sha": null,
  "created_at": "2026-03-29T20:43:01+00:00",
  "description": "An integer overflow during string concatenation leads to a 1 GB memcpy heap buffer overflow.",
  "discovered_at": null,
  "location": null,
  "poc_sha256": null,
  "preimage_version": 1,
  "project": "jq",
  "reproduction": null,
  "technical_details": "The root cause is an integer overflow in the string-concatenation size calculation; the resulting undersized buffer is then overflowed by a ~1 GB memcpy.",
  "title": "Integer overflow in string concatenation leading to 1 GB memcpy heap buffer overflow",
  "vendor_severity": "medium"
}