oss-sec mailing list archives

Re: CVE Request: jq: heap buffer overflow in tokenadd() function

From: cve-assign () mitre org
Date: Sat, 23 Apr 2016 09:43:42 -0400 (EDT)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

https://github.com/stedolan/jq/issues/995
https://github.com/stedolan/jq/commit/8eb1367ca44e772963e704a700ef72ae2e12babd
https://bugs.debian.org/802231
https://bugzilla.redhat.com/show_bug.cgi?id=1328747


Use CVE-2015-8863 for this off-by-one error that leads to a heap-based
buffer overflow.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJXG3shAAoJEHb/MwWLVhi2ZK8P/iadMgPsxxPobYn4G1WMVt82
P+JvHootEspQ1kJfPdQKbDNjgAn0oW774Nwn4pItBhDYhZ6WJ4hQsEMoOjZh6UEz
Dt/W21djT6gcTXD6MlGRx6SCHf9jAzZibAFz5xjey41fLjmSoOR0gkrSPXAEgbYJ
ChNb6mVBz1mc5DJg7tzgKwVy2StfL9RUyghNG+Jt1ieNCzrkK4Kcr/q7pPIIuSkX
Rc/DviITdlBgUGkkA5BtsqUUk5f1h74rlRJPjH3J9q4vKgfkhF8bxXBCtSUeUz6x
0UGfwbQ4JNZ0XB4mZolciyPFASkCtryIz7vujEo7FwsFnAI0khiE2qBxE0C5YpnO
ijimXY9YE08TSoylK5UPUF1MyceRhN5foqBT84OB9M3wF/CWoTm7eGTbona5Npgj
hXJrNKt13Wm7gCf6fuSq+tx3ZYdgGMEryH6LXSojNolR5AivJD8dZ51/7pvsOT9c
kmy1X5oc/70U3FKzfHK29cCqgo33esUTkDYHZwkh0uIUCaBAGjLmotJ4f6iUmqjW
u/r83UcRYxhD7CkIaMPRwvomVcg1/UEOKHBxUf4ggdLsGBCUG7Ir9rruxu1BxUKr
oXJpvXmWSnIX99oZRYNic5hj96bJ/lS6Nzc4Cs92+7iLNbVte82wpARXkdKtUwo2
D5jopjAn7dYKUHHCe3WP
=AvmJ
-----END PGP SIGNATURE-----

Current thread:

CVE Request: jq: heap buffer overflow in tokenadd() function Salvatore Bonaccorso (Apr 22)
- Re: CVE Request: jq: heap buffer overflow in tokenadd() function cve-assign (Apr 23)