CVE-2016-4074

描述

The jv_dump_term function in jq 1.5 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted JSON file. This issue has been fixed in jq 1.6_rc1-r0.

受影響套件(2)

• Alpine/jqfrom 0, < 1.6_rc1-r0
• Debian/jqfrom 0, < 1.5+dfsg-1.1

CVSS 分數

參考連結(2)

• ADVISORYhttps://security.alpinelinux.org/vuln/CVE-2016-4074
• ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2016-4074