Note:
This project will be discontinued after December 13, 2021. [more]
2016-05-06
The jv_dump_term function in jq 1.5 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted JSON file. This issue has been fixed in jq 1.6_rc1-r0.
| Products | Jq |
| Type | Allocation of Resources Without Limits or Throttling (CWE-770) |
| First patch | - None (likely due to unavailable code) |
| Patches |
• https://github.com/stedolan/jq/issues/1136
• https://github.com/NixOS/nixpkgs/pull/18908 |
| Links |
• http://www.openwall.com/lists/oss-security/2016/04/24/3
• https://github.com/stedolan/jq/ • https://github.com/hashicorp/consul/issues/10263 • http://www.openwall.com/lists/oss-security/2016/04/24/4 |