Bug 1328747 - (CVE-2015-8863) CVE-2015-8863 jq: heap-buffer-overflow in tokenadd() function
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All Linux
Priority: medium, Severity: medium
Assigned To: Red Hat Product Security
Whiteboard: impact=moderate,public=20151018,repor...
Keywords: Security
Depends On: 1328748 1328749 1328750 1416711 1331202 1331203 1331204 1331209
Blocks: 1328751
Reported: 2016-04-20 04:36 EDT by Andrej Nemec
Modified: 2017-01-26 07:04 EST
Doc Type: Bug Fix
Doc Text:
A heap-based buffer overflow flaw was found in jq's tokenadd() function. By tricking a victim into processing a specially crafted JSON file, an attacker could use this flaw to crash jq or, potentially, execute arbitrary code on the victim's system.
Last Closed: 2016-07-10 21:15:07 EDT

External Trackers
Tracker | ID | Priority | Status | Summary | Last Updated
Red Hat Product Errata | RHSA-2016:1098 | normal | SHIPPED_LIVE | Moderate: jq security update | 2016-05-23 23:40:51 EDT
Red Hat Product Errata | RHSA-2016:1099 | normal | SHIPPED_LIVE | Moderate: jq security update | 2016-05-23 23:40:43 EDT
Red Hat Product Errata | RHSA-2016:1106 | normal | SHIPPED_LIVE | Moderate: jq security update | 2016-05-25 06:18:28 EDT

Description Andrej Nemec 2016-04-20 04:36:02 EDT
A vulnerability was found in jq. There was an off-by-one error, as the NUL terminator byte was not allocated on resize. A maliciously crafted JSON file could cause the application to crash.

External references:

https://github.com/stedolan/jq/issues/995

Upstream fix:

https://github.com/stedolan/jq/commit/8eb1367ca44e772963e704a700ef72ae2e12babd

References (reproducer available):

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=802231
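
The class of off-by-one described above (no byte reserved for the NUL terminator when the buffer is resized), shown as an added example that is not part of the bug report and is not jq's source. The struct, the function names and the growth policy are assumptions of this constructed model; the flawed and corrected resize checks sit side by side, and the terminator write is bounds-checked instead of being performed out of bounds.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed model of a growable token buffer; not jq's source. */
struct tokbuf { char *buf; size_t pos, cap; };

/* Assumed growth policy for this model: double the capacity and add 256. */
static int grow(struct tokbuf *t) {
    size_t ncap = t->cap * 2 + 256;
    char *n = realloc(t->buf, ncap);
    if (!n) return -1;
    t->buf = n;
    t->cap = ncap;
    return 0;
}

/* Flawed check: grows only when full, so pos can equal cap on return and
   the terminator written later has no byte reserved for it. */
static int add_unsafe(struct tokbuf *t, char c) {
    if (t->pos == t->cap && grow(t) != 0) return -1;
    t->buf[t->pos++] = c;
    return 0;
}

/* Corrected check: grows while one byte is still free, so pos < cap holds
   after every call and buf[pos] is always inside the allocation. */
static int add_safe(struct tokbuf *t, char c) {
    if (t->pos + 1 >= t->cap && grow(t) != 0) return -1;
    t->buf[t->pos++] = c;
    return 0;
}

/* Store n bytes with the given add function, then NUL-terminate.
   Returns 0 if the terminator fits, -1 if it would land past the end
   (the write is refused here instead of being performed). */
static int fill_and_terminate(int (*add)(struct tokbuf *, char), size_t n) {
    struct tokbuf t = {0};
    int rc = 0;
    for (size_t i = 0; i < n && rc == 0; i++) rc = add(&t, 'a');
    if (rc == 0 && t.pos >= t.cap) rc = -1;
    if (rc == 0) t.buf[t.pos] = '\0';
    free(t.buf);
    return rc;
}

int main(void) {
    printf("unsafe, 256 bytes: %d\n", fill_and_terminate(add_unsafe, 256));
    printf("safe,   256 bytes: %d\n", fill_and_terminate(add_safe, 256));
    return 0;
}
```

The flawed variant fails only when the token length lands exactly on a capacity boundary (256 or 768 in this model), which is why such bugs tend to surface under fuzzing or AddressSanitizer and not in ordinary tests.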
Comment 1 Andrej Nemec 2016-04-20 04:36:48 EDT
Created jq tracking bugs for this issue:

Affects: fedora-all [bug 1328748]
Affects: epel-6 [bug 1328749]
Affects: epel-7 [bug 1328750]
Comment 8 errata-xmlrpc 2016-05-23 19:41:01 EDT
This issue has been addressed in the following products:

  Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7

Via RHSA-2016:1099 https://rhn.redhat.com/errata/RHSA-2016-1099.html
Comment 9 errata-xmlrpc 2016-05-23 19:41:26 EDT
This issue has been addressed in the following products:

  Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7

Via RHSA-2016:1098 https://rhn.redhat.com/errata/RHSA-2016-1098.html
Comment 10 errata-xmlrpc 2016-05-25 02:18:37 EDT
This issue has been addressed in the following products:

  Red Hat OpenStack Platform 8.0 (Liberty)

Via RHSA-2016:1106 https://rhn.redhat.com/errata/RHSA-2016-1106.html