Description
The jv_dump_term function in jq 1.5 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted JSON file. This issue has been fixed in jq 1.6_rc1-r0.
Statement
Because this vulnerability requires that an unsuspecting user parses a specially crafted malicious JSON file, or that a service that does so accepts untrusted input, and because the consequences of this flaw are limited to exhaustion of the resources available to the user with whose privileges jq parses the malicious file, Red Hat assesses this vulnerability's impact as Low.
Affected packages
Platform | Package | State | Recommendation | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 8 | jq | Will not fix | | |
Red Hat Enterprise Linux 9 | jq | Not affected | | |
Red Hat Enterprise Linux OpenStack Platform 6 (Juno) | jq | Will not fix | | |
Red Hat Enterprise Linux OpenStack Platform 7 (Kilo) | jq | Will not fix | | |
Red Hat OpenStack Platform 8 (Liberty) | jq | Will not fix | | |
Red Hat OpenStack Platform 9 (Mitaka) | jq | Will not fix | | |
Additional information
Status:
EPSS
CVSS2: 2.6 Low