1328747 – (CVE-2015-8863) CVE-2015-8863 jq: heap-buffer-overflow in tokenadd() function

Bug 1328747 (CVE-2015-8863) - CVE-2015-8863 jq: heap-buffer-overflow in tokenadd() function

Summary: CVE-2015-8863 jq: heap-buffer-overflow in tokenadd() function

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2015-8863
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1416711 1328748 1328749 1328750 1331202 1331203 1331204 1331209
Blocks:	1328751
TreeView+	depends on / blocked

Reported:	2016-04-20 08:36 UTC by Andrej Nemec
Modified:	2021-04-15 04:07 UTC (History)
CC List:	21 users (show)
Fixed In Version:	jq 1.6
Doc Type:	Bug Fix
Doc Text:	A heap-based buffer overflow flaw was found in jq's tokenadd() function. By tricking a victim into processing a specially crafted JSON file, an attacker could use this flaw to crash jq or, potentially, execute arbitrary code on the victim's system.
Clone Of:
Environment:
Last Closed:	2016-07-11 01:15:07 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2016:1098	normal	SHIPPED_LIVE	Moderate: jq security update	2016-05-24 03:40:51 UTC
Red Hat Product Errata	RHSA-2016:1099	normal	SHIPPED_LIVE	Moderate: jq security update	2016-05-24 03:40:43 UTC
Red Hat Product Errata	RHSA-2016:1106	normal	SHIPPED_LIVE	Moderate: jq security update	2016-05-25 10:18:28 UTC

Description Andrej Nemec 2016-04-20 08:36:02 UTC

A vulnerability was found in jq. There was an off-by one error, as the NUL terminator byte was not allocated on resize. A maliciously crafted JSON file could cause the application to crash.

External references:

https://github.com/stedolan/jq/issues/995

Upstream fix:

https://github.com/stedolan/jq/commit/8eb1367ca44e772963e704a700ef72ae2e12babd

References(reproducer available):

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=802231

Comment 1 Andrej Nemec 2016-04-20 08:36:48 UTC

Created jq tracking bugs for this issue:

Affects: fedora-all [bug 1328748]
Affects: epel-6 [bug 1328749]
Affects: epel-7 [bug 1328750]

Comment 8 errata-xmlrpc 2016-05-23 23:41:01 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7

Via RHSA-2016:1099 https://rhn.redhat.com/errata/RHSA-2016-1099.html

Comment 9 errata-xmlrpc 2016-05-23 23:41:26 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7

Via RHSA-2016:1098 https://rhn.redhat.com/errata/RHSA-2016-1098.html

Comment 10 errata-xmlrpc 2016-05-25 06:18:37 UTC

This issue has been addressed in the following products:

  Red Hat OpenStack Platform 8.0 (Liberty)

Via RHSA-2016:1106 https://rhn.redhat.com/errata/RHSA-2016-1106.html

Note You need to log in before you can comment on or make changes to this bug.

abaron
aortega
apevec
ayoung
carnil
chrisw
dallan
fpercoco
gkotton
jhrozek
jschluet
lhh
lpeer
markmc
rbryant
rhos-maint
sardella
sclewis
slong
spoore
tdecacqu