Description

jq is a command-line JSON processor. In versions up to and including 1.7.1, an integer overflow arises when assigning value using an index of 2147483647, the signed integer limit. This causes a denial of service. Commit de21386681c0df0104a99d9d09db23a9b2a78b1e contains a patch for the issue.

INFO

Published Date :

2025-05-21T14:34:51.007Z

Last Modified :

2025-05-21T14:57:18.378Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-23337 vulnerability.

Vendors Products
Jqlang
  • Jq
Redhat
  • Enterprise Linux
  • Rhel Aus
  • Rhel E4s
  • Rhel Eus
  • Rhel Eus Long Life
  • Rhel Tus
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-23337.

URL Resource
https://github.com/jqlang/jq/commit/de21386681c0df0104a99d9d09db23a9b2a78b1e cve-icon cve-icon cve-icon
https://github.com/jqlang/jq/issues/3262 cve-icon cve-icon cve-icon
https://github.com/jqlang/jq/security/advisories/GHSA-2q6r-344g-cx46 cve-icon cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-23337 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-23337 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact