2016-05-06
The jv_dump_term function in jq 1.5 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted JSON file. This issue has been fixed in jq 1.6_rc1-r0.
Products | Jq |
Type | Allocation of Resources Without Limits or Throttling (CWE-770) |
First patch | - None (likely due to unavailable code) |
Patches |
• https://github.com/stedolan/jq/issues/1136
• https://github.com/NixOS/nixpkgs/pull/18908 |
Links |
• http://www.openwall.com/lists/oss-security/2016/04/24/3
• https://github.com/stedolan/jq/
• https://github.com/hashicorp/consul/issues/10263
• http://www.openwall.com/lists/oss-security/2016/04/24/4 |