Date: Sun, 24 Apr 2016 10:44:39 +0200 From: Gustavo Grieco <gustavo.grieco@...il.com> To: oss-security@...ts.openwall.com Subject: CVE Request: jq: stack exhaustion using jv_dump_term() function Hi, A crash caused by stack exhaustion parsing a JSON was found. It affects, at least version 1.5 as well as the last git revision. Technical details and a reproducer are available here: https://github.com/stedolan/jq/issues/1136 This crash was found by QuickFuzz working with Radamsa (that caused the extreme mutation) Regards, Gustavo.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ