CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2016-4074
https://notcve.org/view.php?id=CVE-2016-4074
The jv_dump_term function in jq 1.5 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted JSON file. This issue has been fixed in jq 1.6_rc1-r0. La función jv_dump_term de jq 1.5 permite a los atacantes remotos provocar una denegación de servicio (consumo de pila y caída de la aplicación) a través de un archivo JSON manipulado. Este problema ha sido corregido en jg 1.6_rc1-r0 • http://www.openwall.com/lists/oss-security/2016/04/24/3 http://www.openwall.com/lists/oss-security/2016/04/24/4 https://github.com/NixOS/nixpkgs/pull/18908 https://github.com/hashicorp/consul/issues/10263 https://github.com/stedolan/jq https://github.com/stedolan/jq/issues/1136 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 10.0EPSS: 3%CPEs: 3EXPL: 0CVE-2015-8863 – jq: heap-buffer-overflow in tokenadd() function
https://notcve.org/view.php?id=CVE-2015-8863
Off-by-one error in the tokenadd function in jv_parse.c in jq allows remote attackers to cause a denial of service (crash) via a long JSON-encoded number, which triggers a heap-based buffer overflow. Error por un paso en la función tokenadd en jv_parse.c en jq permite a atacantes remotos provocar una denegación de servicio (caída) a través de un número largo codificado en JSON, lo que desencadena un desbordamiento de buffer basado en memoria dinámica. A heap-based buffer overflow flaw was found in jq's tokenadd() function. By tricking a victim into processing a specially crafted JSON file, an attacker could use this flaw to crash jq or, potentially, execute arbitrary code on the victim's system. • http://lists.opensuse.org/opensuse-updates/2016-05/msg00012.html http://lists.opensuse.org/opensuse-updates/2016-05/msg00014.html http://rhn.redhat.com/errata/RHSA-2016-1098.html http://rhn.redhat.com/errata/RHSA-2016-1099.html http://rhn.redhat.com/errata/RHSA-2016-1106.html http://www.openwall.com/lists/oss-security/2016/04/23/1 http://www.openwall.com/lists/oss-security/2016/04/23/2 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=802231 https://github. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •