CVE-2016-4074

Published: May 6, 2016

Modified: Aug 6, 2024

PUBLISHED

Description

The jv_dump_term function in jq 1.5 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted JSON file. This issue has been fixed in jq 1.6_rc1-r0.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[oss-security] 20160424 Re: CVE Request: jq: stack exhaustion using jv_dump_term() function

mailing-list

x_refsource_MLIST

https://github.com/stedolan/jq/issues/1136

x_refsource_MISC

[oss-security] 20160424 CVE Request: jq: stack exhaustion using jv_dump_term() function

mailing-list

x_refsource_MLIST

https://github.com/stedolan/jq/

x_refsource_MISC

https://github.com/NixOS/nixpkgs/pull/18908

x_refsource_MISC

https://github.com/hashicorp/consul/issues/10263

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2016-4074

Description

Affected Products

References