CVE-2016-4074

The jv_dump_term function in jq 1.5 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted JSON file. This issue has been fixed in jq 1.6_rc1-r0.
References
Link Resource
http://www.openwall.com/lists/oss-security/2016/04/24/3 Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/04/24/4 Mailing List Third Party Advisory
https://github.com/NixOS/nixpkgs/pull/18908 Patch Third Party Advisory
https://github.com/hashicorp/consul/issues/10263 Third Party Advisory
https://github.com/stedolan/jq/ Product Third Party Advisory
https://github.com/stedolan/jq/issues/1136 Exploit Patch Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:jq_project:jq:*:*:*:*:*:*:*:*

History

04 Feb 2022, 16:15

Type Values Removed Values Added
Summary The jv_dump_term function in jq 1.5 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted JSON file. This issue has been fixed in jg 1.6_rc1-r0. The jv_dump_term function in jq 1.5 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted JSON file. This issue has been fixed in jq 1.6_rc1-r0.

14 Sep 2021, 12:11

Type Values Removed Values Added
CWE CWE-119 CWE-770
References
  • (MISC) https://github.com/hashicorp/consul/issues/10263 - Third Party Advisory
References (MISC) https://github.com/NixOS/nixpkgs/pull/18908 - (MISC) https://github.com/NixOS/nixpkgs/pull/18908 - Patch, Third Party Advisory
References (MLIST) http://www.openwall.com/lists/oss-security/2016/04/24/4 - (MLIST) http://www.openwall.com/lists/oss-security/2016/04/24/4 - Mailing List, Third Party Advisory
References (MISC) https://github.com/stedolan/jq/issues/1136 - Exploit (MISC) https://github.com/stedolan/jq/issues/1136 - Exploit, Patch, Third Party Advisory
References (MLIST) http://www.openwall.com/lists/oss-security/2016/04/24/3 - (MLIST) http://www.openwall.com/lists/oss-security/2016/04/24/3 - Mailing List, Third Party Advisory
References (MISC) https://github.com/stedolan/jq/ - (MISC) https://github.com/stedolan/jq/ - Product, Third Party Advisory

15 Jul 2021, 15:15

Type Values Removed Values Added
Summary The jv_dump_term function in jq 1.5 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted JSON file. The jv_dump_term function in jq 1.5 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted JSON file. This issue has been fixed in jg 1.6_rc1-r0.

Information

Published : 2016-05-06 17:59

Updated : 2024-02-04 18:53


NVD link : CVE-2016-4074

Mitre link : CVE-2016-4074

CVE.ORG link : CVE-2016-4074


JSON object : View

Products Affected

jq_project

  • jq
CWE
CWE-770

Allocation of Resources Without Limits or Throttling