Lucene search
DebianCVELIST:CVE-2015-8863HistoryMay 06, 2016 - 5:00 p.m.
CVE-2015-8863
2016-05-0617:00:00
debian
www.cve.org
Off-by-one error in the tokenadd function in jv_parse.c in jq allows remote attackers to cause a denial of service (crash) via a long JSON-encoded number, which triggers a heap-based buffer overflow.
References
lists.opensuse.org/opensuse-updates/2016-05/msg00012.html
lists.opensuse.org/opensuse-updates/2016-05/msg00014.html
rhn.redhat.com/errata/RHSA-2016-1098.html
rhn.redhat.com/errata/RHSA-2016-1099.html
rhn.redhat.com/errata/RHSA-2016-1106.html
www.openwall.com/lists/oss-security/2016/04/23/1
www.openwall.com/lists/oss-security/2016/04/23/2
bugs.debian.org/cgi-bin/bugreport.cgi?bug=802231
github.com/stedolan/jq/commit/8eb1367ca44e772963e704a700ef72ae2e12babd
github.com/stedolan/jq/issues/995
security.gentoo.org/glsa/201612-20
Related
redhat
redhat
(RHSA-2016:1106) Moderate: jq security update
2016-05-25 00:02:42
(RHSA-2016:1098) Moderate: jq security update
2016-05-23 23:29:05
(RHSA-2016:1099) Moderate: jq security update
2016-05-23 23:29:25
cbl_mariner
cbl_mariner
CVE-2015-8863 affecting package jq for versions less than 1.5-6
2022-04-09 06:51:41
CVE-2015-8863 affecting package jq 1.5-6
2020-09-09 06:09:09
prion
prion
Heap overflow
2016-05-06 17:59:00
nessus
nessus
Amazon Linux AMI : jq (ALAS-2016-705)
2016-06-06 00:00:00
openSUSE Security Update : jq (openSUSE-2016-550)
2016-05-05 00:00:00
openSUSE Security Update : jq (openSUSE-2016-551)
2016-05-05 00:00:00
gentoo
gentoo
jq: Buffer overflow
2016-12-08 00:00:00
openvas
openvas
Amazon Linux: Security Advisory (ALAS-2016-705)
2016-10-26 00:00:00
Mageia: Security Advisory (MGASA-2017-0415)
2022-01-28 00:00:00
debiancve
debiancve
CVE-2015-8863
2016-05-06 17:59:03
nvd
nvd
CVE-2015-8863
2016-05-06 17:59:03
amazon
amazon
Medium: jq
2016-06-02 17:38:00
ubuntucve
ubuntucve
CVE-2015-8863
2016-05-06 00:00:00
cve
cve
CVE-2015-8863
2016-05-06 17:59:03
archlinux
archlinux
jq: arbitrary code execution
2016-08-10 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package jq version 1.5-alt1.M80P.1
2017-05-11 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-01-15 09:11:40
mageia
mageia
Updated jq packages fix security vulnerabilities
2017-11-19 13:23:35