Published: 06/05/2016 Updated: 05/06/2022

CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 694

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

The jv_dump_term function in jq 1.5 allows remote malicious users to cause a denial of service (stack consumption and application crash) via a crafted JSON file. This issue has been fixed in jq 1.6_rc1-r0.

Vulnerable Product	Search on Vulmon	Subscribe to Product
jq project jq

Debian Bug report logs - #802231 jq: CVE-2015-8863: Heap buffer overflow in tokenadd() Package: jq; Maintainer for jq is ChangZhuo Chen (陳昌倬) <czchen@debianorg>; Source for jq is src:jq (PTS, buildd, popcon) Reported by: Jakub Wilk <jwilk@debianorg> Date: Sun, 18 Oct 2015 16:06:02 UTC Severity: normal Tags: ...

Debian Bug report logs - #822456 jq: CVE-2016-4074: Stack exhaustion parsing a JSON file Package: src:jq; Maintainer for src:jq is ChangZhuo Chen (陳昌倬) <czchen@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 24 Apr 2016 17:27:02 UTC Severity: normal Tags: security, upstream Found ...

The jv_dump_term function in jq 15 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted JSON file ...

CWE-770 http://www.openwall.com/lists/oss-security/2016/04/24/3 https://github.com/stedolan/jq/issues/1136 http://www.openwall.com/lists/oss-security/2016/04/24/4 https://github.com/stedolan/jq/https://github.com/NixOS/nixpkgs/pull/18908 https://github.com/hashicorp/consul/issues/10263 https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=802231 https://access.redhat.com/security/cve/cve-2016-4074

CVE-2016-4074

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect