Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sun, 24 Apr 2016 10:44:39 +0200
From: Gustavo Grieco <gustavo.grieco@...il.com>
To: oss-security@...ts.openwall.com
Subject: CVE Request: jq: stack exhaustion using jv_dump_term() function

Hi,

A crash caused by stack exhaustion parsing a JSON was found. It affects, at
least version 1.5 as well as the last git revision. Technical details and a
reproducer are available here:

https://github.com/stedolan/jq/issues/1136

This crash was found by QuickFuzz working with Radamsa (that caused the
extreme mutation)

Regards,
Gustavo.

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ