[3.7] jq: stack exhaustion via jv_dump_term() function (CVE-2016-4074)
The jv_dump_term function in jq 1.5 allows remote attackers to cause a
denial of
service (stack consumption and application crash) via a crafted JSON
file.
References:
https://github.com/stedolan/jq/issues/1136
http://www.openwall.com/lists/oss-security/2016/04/24/3
Patch:
https://github.com/wmark/jq/commit/904ee3bf26f863b7b31c4085f511e54c0307e537
(from redmine: issue id 8808, created on 2018-04-19, closed on 2018-05-02)
- Relations:
- copied_to #8807 (closed)
- parent #8807 (closed)
- Changesets:
- Revision 08fa87da on 2018-04-30T15:41:19Z:
main/jq: security fix (CVE-2016-4074). Fixes #8808
To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information