jq is vulnerable to denial of service (DoS) attacks. The vulnerability exists as an off-by-one error in the tokenadd function in jv_parse.c in jq allows remote attackers to cause a denial of service (crash) via a long JSON-encoded number, which triggers a heap-based buffer overflow.
CPE | Name | Operator | Version |
---|---|---|---|
jq | eq | 1.3__2.el7ost | |
jq | eq | 1.3__2.el7 |