CVE-2015-8863 - Vulncode-DB

CVE-2015-8863 (NVD)

2016-05-06

Off-by-one error in the tokenadd function in jv_parse.c in jq allows remote attackers to cause a denial of service (crash) via a long JSON-encoded number, which triggers a heap-based buffer overflow.

Products	Jq, Leap, Opensuse
Type	Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119)
First patch	https://github.com/stedolan/jq/commit/8eb1367ca44e772963e704a700ef72ae2e12babd
Relevant file/s	./src/jv_parse.c (modified, +2, -2)
Links	• http://rhn.redhat.com/errata/RHSA-2016-1106.html • https://github.com/stedolan/jq/issues/995 • https://security.gentoo.org/glsa/201612-20 • http://lists.opensuse.org/opensuse-updates/2016-05/msg00012.html • http://www.openwall.com/lists/oss-security/2016/04/23/2 More/Less (5) • https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=802231 • http://rhn.redhat.com/errata/RHSA-2016-1098.html • http://lists.opensuse.org/opensuse-updates/2016-05/msg00014.html • http://rhn.redhat.com/errata/RHSA-2016-1099.html • http://www.openwall.com/lists/oss-security/2016/04/23/1

jq - Tree: 8eb1367ca4

(? files)

Filter Settings

All Files

Relevant Files

Vulnerable Files

Patched Files

Files

VS-Dark VS-Bright Monokai Darcula

Navigation

Patch data:

(on by default)

Patched area: