CVE-2016-4074: Allocation of Resources Without Limits or Throttling

May 6, 2016 (updated September 14, 2021)

The jv_dump_term function in jq allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted JSON file. This issue has been fixed in jg _rc1-r0.

References

www.openwall.com/lists/oss-security/2016/04/24/3
www.openwall.com/lists/oss-security/2016/04/24/4
github.com/NixOS/nixpkgs/pull/18908
github.com/hashicorp/consul/issues/10263
github.com/stedolan/jq/
github.com/stedolan/jq/issues/1136
nvd.nist.gov/vuln/detail/CVE-2016-4074

Code Behaviors & Features

Detect and mitigate CVE-2016-4074 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →