The jv_dump_term function in jq 1.5 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted JSON file. This issue has been fixed in jq 1.6_rc1-r0.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2016/04/24/3 | Mailing List Third Party Advisory |
http://www.openwall.com/lists/oss-security/2016/04/24/4 | Mailing List Third Party Advisory |
https://github.com/NixOS/nixpkgs/pull/18908 | Patch Third Party Advisory |
https://github.com/hashicorp/consul/issues/10263 | Third Party Advisory |
https://github.com/stedolan/jq/ | Product Third Party Advisory |
https://github.com/stedolan/jq/issues/1136 | Exploit Patch Third Party Advisory |
History
04 Feb 2022, 16:15
Type | Values Removed | Values Added |
---|---|---|
Summary | The jv_dump_term function in jq 1.5 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted JSON file. This issue has been fixed in jq 1.6_rc1-r0. |
14 Sep 2021, 12:11
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-770 | |
References | (MISC) https://github.com/NixOS/nixpkgs/pull/18908 - Patch, Third Party Advisory | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2016/04/24/4 - Mailing List, Third Party Advisory | |
References | (MISC) https://github.com/stedolan/jq/issues/1136 - Exploit, Patch, Third Party Advisory | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2016/04/24/3 - Mailing List, Third Party Advisory | |
References | (MISC) https://github.com/stedolan/jq/ - Product, Third Party Advisory | |
15 Jul 2021, 15:15
Type | Values Removed | Values Added |
---|---|---|
Summary | The jv_dump_term function in jq 1.5 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted JSON file. This issue has been fixed in jg 1.6_rc1-r0. |
Information
Published : 2016-05-06 17:59
Updated : 2024-02-04 18:53
NVD link : CVE-2016-4074
Mitre link : CVE-2016-4074
CVE.ORG link : CVE-2016-4074
Products Affected
jq_project
- jq
CWE
CWE-770
Allocation of Resources Without Limits or Throttling