SB2018041714 - Buffer overflow in jq (Alpine package)
Published: April 17, 2018
Description
This security bulletin contains information about 1 security vulnerability.
1) Buffer overflow (CVE-ID: CVE-2016-4074)
The vulnerability allows an attacker who can feed input to jq, without any authentication, to perform a denial of service (DoS) attack.
The jv_dump_term function in jq 1.5 prints a value by recursing into each array element and object member, with no bound on nesting depth. A crafted JSON document that is nested deeply enough therefore exhausts the stack and crashes the process (stack consumption and application crash). Despite the bulletin's "buffer overflow" classification, this is unbounded recursion rather than an out-of-bounds write, so the impact is a crash, not a code-execution primitive. The attacker is "remote" in the sense that any deployment which runs untrusted JSON through jq (a web service shelling out to jq, a log or webhook pipeline) can be taken down by a single malicious document.
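The following is an added example, not code from jq, Alpine or this bulletin. It shows the shape of the triggering input (a long run of nested arrays, constructed here) and a mitigation for deployments that cannot patch immediately: an iterative nesting-depth scanner that rejects untrusted documents before they reach a vulnerable jq. The scanner uses a counter rather than recursion, so it cannot be crashed by the same input, and it skips brackets inside string literals so that a payload cannot hide or fake nesting inside a string. The depth limit of 256 and the function names are assumptions for this example.

```python
"""Depth-bounding pre-filter for untrusted JSON before it is passed to jq 1.5.

Added example, not jq or Alpine code. CVE-2016-4074 is triggered by deeply
nested input that drives jq's recursive jv_dump_term printer off the end of
the stack. The scanner below measures nesting depth in one pass without
recursion and rejects documents deeper than MAX_DEPTH (an assumed limit).
"""

MAX_DEPTH = 256  # assumed limit chosen for this example


def nested_json(depth: int) -> str:
    """Constructed trigger input: `depth` nested arrays, e.g. '[[[]]]' for 3."""
    return "[" * depth + "]" * depth


def max_depth(text: str) -> int:
    """Return the maximum bracket nesting depth of a JSON text.

    Single pass with a counter (no recursion). Brackets inside string
    literals are ignored, including after escaped quotes such as \\" so
    that a string cannot terminate early and expose fake brackets.
    Raises ValueError on a closing bracket with no opener, or on an
    unterminated string or bracket, so malformed or truncated input is
    rejected rather than silently under-counted.
    """
    depth = deepest = 0
    in_string = False
    escaped = False
    for ch in text:
        if in_string:
            if escaped:
                escaped = False          # the escaped character is consumed
            elif ch == "\\":
                escaped = True           # next character is escaped
            elif ch == '"':
                in_string = False        # unescaped quote ends the string
            continue
        if ch == '"':
            in_string = True
        elif ch in "[{":
            depth += 1
            deepest = max(deepest, depth)
        elif ch in "]}":
            if depth == 0:
                raise ValueError("unbalanced closing bracket")
            depth -= 1
    if in_string or depth != 0:
        raise ValueError("unterminated string or unclosed bracket")
    return deepest


def safe_for_jq(text: str, limit: int = MAX_DEPTH) -> bool:
    """True if the document may be handed to jq, False if it must be dropped."""
    try:
        return max_depth(text) <= limit
    except ValueError:
        return False


if __name__ == "__main__":
    # Assumed large depth; the exact depth at which jq 1.5 crashes depends
    # on the process stack size, so a fixed low ceiling is the robust defence.
    payload = nested_json(100_000)
    print("trigger depth:", max_depth(payload), "safe:", safe_for_jq(payload))
    print("benign doc safe:", safe_for_jq('{"a": [1, {"b": "]]]]"}]}'))
```

Run the filter on the raw bytes of every untrusted document before invoking jq; anything that fails is dropped and logged. The ceiling should be far below what a real stack can absorb, since the crash threshold varies with the platform and the stack size jq was started with.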
Remediation
Upgrade the jq package from the Alpine repositories on every affected branch (apk update && apk upgrade jq); the backported fix commits in aports are listed under References. Until the update is applied, do not run untrusted JSON through jq.
References
- https://git.alpinelinux.org/aports/commit/?id=cf67851f93c049ccf42e0811509aa517fec6ac59
- https://git.alpinelinux.org/aports/commit/?id=5f5f852407d176edf3596f5dcde0cd7aa21d446c
- https://git.alpinelinux.org/aports/commit/?id=1bfcfb905d961ba964207398fa61c21690f058f1
- https://git.alpinelinux.org/aports/commit/?id=e10ec9bc1b1ba649892df0d8f7c116a1172e51a3
- https://git.alpinelinux.org/aports/commit/?id=08fa87dac229e919eba54885a02dca0ae57c5f41
- https://git.alpinelinux.org/aports/commit/?id=37aee0002e98bcd41e35d010a63c7989589a10b5
- https://git.alpinelinux.org/aports/commit/?id=929b5faa3daa8490ac9e97720d28d0435c6936b7