Vulnerability CVE-2016-4074: Information
Description
The jv_dump_term function in jq 1.5 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted JSON file. This issue has been fixed in jq 1.6_rc1-r0.
Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
jq | sisyphus | 1.5-alt3.S1 | 1.7.1-alt2 | ALT-PU-2018-1830-1 | 207482 | Fixed |
jq | p10 | 1.5-alt3.S1 | 1.7.1-alt1 | ALT-PU-2018-1830-1 | 207482 | Fixed |
jq | p9 | 1.5-alt3.S1 | 1.6-alt2 | ALT-PU-2018-1830-1 | 207482 | Fixed |
jq | p8 | 1.5-alt3.M80P.1 | 1.5-alt3.M80P.1 | ALT-PU-2018-1850-1 | 207483 | Fixed |
jq | c10f1 | 1.5-alt3.S1 | 1.6-alt2 | ALT-PU-2018-1830-1 | 207482 | Fixed |
jq | c9f2 | 1.5-alt3.S1 | 1.6-alt2 | ALT-PU-2018-1830-1 | 207482 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
[oss-security] 20160424 CVE Request: jq: stack exhaustion using jv_dump_term() function | |
https://github.com/stedolan/jq/issues/1136 | |
[oss-security] 20160424 Re: CVE Request: jq: stack exhaustion using jv_dump_term() function | |
https://github.com/stedolan/jq/ | |
https://github.com/NixOS/nixpkgs/pull/18908 | |
https://github.com/hashicorp/consul/issues/10263 | |