jq: stack exhaustion via jv_dump_term() function (CVE-2016-4074)
The jv_dump_term function in jq 1.5 allows remote attackers to cause a
denial of service (stack consumption and application crash) via a
crafted JSON file.
References:
https://github.com/stedolan/jq/issues/1136
http://www.openwall.com/lists/oss-security/2016/04/24/3
Patch:
https://github.com/wmark/jq/commit/904ee3bf26f863b7b31c4085f511e54c0307e537
(from redmine: issue id 8807, created on 2018-04-19, closed on 2018-05-02)
- Relations:
- copied_to #8808 (closed)
- copied_to #8809 (closed)
- copied_to #8810 (closed)
- copied_to #8811 (closed)
- child #8808 (closed)
- child #8809 (closed)
- child #8810 (closed)
- child #8811 (closed)