Lucene search
Veracode Vulnerability DatabaseVERACODE:12054HistoryJan 15, 2019 - 9:11 a.m.
Denial Of Service (DoS)
2019-01-1509:11:40
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
0.034 Low
EPSS
Percentile
91.5%
jq is vulnerable to denial of service (DoS) attacks. The vulnerability exists as an off-by-one error in the tokenadd function in jv_parse.c in jq allows remote attackers to cause a denial of service (crash) via a long JSON-encoded number, which triggers a heap-based buffer overflow.
| CPE | Name | Operator | Version |
|---|---|---|---|
| jq | eq | 1.3__2.el7ost | |
| jq | eq | 1.3__2.el7 |
Related
redhat
redhat
(RHSA-2016:1106) Moderate: jq security update
2016-05-25 00:02:42
(RHSA-2016:1098) Moderate: jq security update
2016-05-23 23:29:05
(RHSA-2016:1099) Moderate: jq security update
2016-05-23 23:29:25
cbl_mariner
cbl_mariner
CVE-2015-8863 affecting package jq for versions less than 1.5-6
2022-04-09 06:51:41
CVE-2015-8863 affecting package jq 1.5-6
2020-09-09 06:09:09
prion
prion
Heap overflow
2016-05-06 17:59:00
nessus
nessus
openSUSE Security Update : jq (openSUSE-2016-550)
2016-05-05 00:00:00
Amazon Linux AMI : jq (ALAS-2016-705)
2016-06-06 00:00:00
openSUSE Security Update : jq (openSUSE-2016-551)
2016-05-05 00:00:00
nvd
nvd
CVE-2015-8863
2016-05-06 17:59:03
amazon
amazon
Medium: jq
2016-06-02 17:38:00
gentoo
gentoo
jq: Buffer overflow
2016-12-08 00:00:00
openvas
openvas
Amazon Linux: Security Advisory (ALAS-2016-705)
2016-10-26 00:00:00
Mageia: Security Advisory (MGASA-2017-0415)
2022-01-28 00:00:00
debiancve
debiancve
CVE-2015-8863
2016-05-06 17:59:03
ubuntucve
ubuntucve
CVE-2015-8863
2016-05-06 00:00:00
cvelist
cvelist
CVE-2015-8863
2016-05-06 17:00:00
cve
cve
CVE-2015-8863
2016-05-06 17:59:03
archlinux
archlinux
jq: arbitrary code execution
2016-08-10 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package jq version 1.5-alt1.M80P.1
2017-05-11 00:00:00
mageia
mageia
Updated jq packages fix security vulnerabilities
2017-11-19 13:23:35