CVE-2016-4074

Опубликовано: 06 мая 2016

Источник: debian

EPSS Низкий

Описание

The jv_dump_term function in jq 1.5 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted JSON file. This issue has been fixed in jq 1.6_rc1-r0.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
jq	fixed	1.5+dfsg-1.1		package
jq	fixed	1.4-2.1+deb8u1	jessie	package

Примечания

https://github.com/stedolan/jq/issues/1136
https://www.openwall.com/lists/oss-security/2016/04/24/3

EPSS

Процентиль: 83%

0.01997

Низкий

Связанные уязвимости

CVE-2016-4074

CVSS3: 7.5

ubuntu

около 9 лет назад

The jv_dump_term function in jq 1.5 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted JSON file. This issue has been fixed in jq 1.6_rc1-r0.

CVE-2016-4074

redhat

около 9 лет назад

The jv_dump_term function in jq 1.5 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted JSON file. This issue has been fixed in jq 1.6_rc1-r0.

CVE-2016-4074

CVSS3: 7.5

nvd

около 9 лет назад

The jv_dump_term function in jq 1.5 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted JSON file. This issue has been fixed in jq 1.6_rc1-r0.

CVE-2016-4074

CVSS3: 7.5

msrc

почти 5 лет назад

Описание отсутствует

GHSA-63w9-2p7c-mwwp

CVSS3: 7.5

github

около 3 лет назад

The jv_dump_term function in jq 1.5 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted JSON file. This issue has been fixed in jq 1.6_rc1-r0.

EPSS

Процентиль: 83%

0.01997

Низкий