CVE-2015-8863

Опубликовано: 06 мая 2016

Источник: debian

EPSS Низкий

Описание

Off-by-one error in the tokenadd function in jv_parse.c in jq allows remote attackers to cause a denial of service (crash) via a long JSON-encoded number, which triggers a heap-based buffer overflow.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
jq	fixed	1.5+dfsg-1.1		package
jq	fixed	1.4-2.1+deb8u1	jessie	package

Примечания

https://github.com/stedolan/jq/issues/995
https://github.com/stedolan/jq/commit/8eb1367ca44e772963e704a700ef72ae2e12babd
https://www.openwall.com/lists/oss-security/2016/04/23/1

EPSS

Процентиль: 92%

0.08888

Низкий

Связанные уязвимости

CVE-2015-8863

CVSS3: 9.8

ubuntu

около 9 лет назад

Off-by-one error in the tokenadd function in jv_parse.c in jq allows remote attackers to cause a denial of service (crash) via a long JSON-encoded number, which triggers a heap-based buffer overflow.

CVE-2015-8863

redhat

больше 9 лет назад

Off-by-one error in the tokenadd function in jv_parse.c in jq allows remote attackers to cause a denial of service (crash) via a long JSON-encoded number, which triggers a heap-based buffer overflow.

CVE-2015-8863

CVSS3: 9.8

nvd

около 9 лет назад

Off-by-one error in the tokenadd function in jv_parse.c in jq allows remote attackers to cause a denial of service (crash) via a long JSON-encoded number, which triggers a heap-based buffer overflow.

CVE-2015-8863

CVSS3: 9.8

msrc

почти 5 лет назад

Описание отсутствует

openSUSE-SU-2016:1214-1

suse-cvrf

около 9 лет назад

Security update for jq

EPSS

Процентиль: 92%

0.08888

Низкий