Vulnerability CVE-2016-4074: Information

Description

The jv_dump_term function in jq 1.5 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted JSON file. This issue has been fixed in jq 1.6_rc1-r0.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2016-4074

Published: May 6, 2016

Modified: June 5, 2022

Error type identifier: CWE-770

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
jq	sisyphus	1.5-alt3.S1	1.7.1-alt2	ALT-PU-2018-1830-1	207482	Fixed
jq	p10	1.5-alt3.S1	1.7.1-alt1	ALT-PU-2018-1830-1	207482	Fixed
jq	p9	1.5-alt3.S1	1.6-alt2	ALT-PU-2018-1830-1	207482	Fixed
jq	p8	1.5-alt3.M80P.1	1.5-alt3.M80P.1	ALT-PU-2018-1850-1	207483	Fixed
jq	c10f1	1.5-alt3.S1	1.6-alt2	ALT-PU-2018-1830-1	207482	Fixed
jq	c9f2	1.5-alt3.S1	1.6-alt2	ALT-PU-2018-1830-1	207482	Fixed

References to Advisories, Solutions, and Tools

Hyperlink	Resource
[oss-security] 20160424 CVE Request: jq: stack exhaustion using jv_dump_term() function	Mailing List Third Party Advisory
https://github.com/stedolan/jq/issues/1136	Exploit Patch Third Party Advisory
[oss-security] 20160424 Re: CVE Request: jq: stack exhaustion using jv_dump_term() function	Mailing List Third Party Advisory
https://github.com/stedolan/jq/	Product Third Party Advisory
https://github.com/NixOS/nixpkgs/pull/18908	Patch Third Party Advisory
https://github.com/hashicorp/consul/issues/10263	Third Party Advisory

Affected configurations:
1. Configuration 1
  cpe:2.3:a:jq_project:jq:*:*:*:*:*:*:*:*
  End including
  1.5

Version: v24.5.0

Vulnerability CVE-2016-4074: Information

Description

Fixed packages

References to Advisories, Solutions, and Tools

Configuration 1