CVE-2015-8863

Off-by-one error in the tokenadd function in jv_parse.c in jq allows remote attackers to cause a denial of service (crash) via a long JSON-encoded number, which triggers a heap-based buffer overflow.
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:jq_project:jq:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2016-05-06 17:59

Updated : 2024-02-04 18:53


NVD link : CVE-2015-8863

Mitre link : CVE-2015-8863

CVE.ORG link : CVE-2015-8863


JSON object : View

Products Affected

opensuse

  • opensuse
  • leap

jq_project

  • jq
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer