2 matches found
jq: out-of-bounds read in jv_parse_sized() on error formatting for non-NUL-terminated buffers
A flaw was found in jq, a command line JSON processor, specifically in the libjq API. Parsing a malformed JSON input from a non-NUL-terminated buffer using the jvparsesized function can cause an out-of-bounds read, resulting in an application crash and a possible memory disclosure within the erro...
PT-2024-13939 · Emdns · Emdns
Name of the Vulnerable Software and Affected Versions: emdns versions through fbd1eef Description: The issue arises from the emdns resolve raw function in emdns.c, which calls strlen with an input that may not be 0 terminated, leading to a stack-based buffer over-read. This can be triggered by a...