CVE-2024-23337

jq is a command-line JSON processor. In versions up to and including 1.7.1, an integer overflow arises when assigning value using an index of 2147483647, the signed integer limit. This causes a denial of service. Commit de21386681c0df0104a99d9d09db23a9b2a78b1e contains a patch for the issue.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://github.com/jqlang/jq/commit/de21386681c0df0104a99d9d09db23a9b2a78b1e
https://github.com/jqlang/jq/issues/3262
https://github.com/jqlang/jq/security/advisories/GHSA-2q6r-344g-cx46
https://github.com/jqlang/jq/security/advisories/GHSA-2q6r-344g-cx46

Configurations

No configuration.

History

21 May 2025, 15:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-21 15:16

Updated : 2025-05-21 20:24

NVD link : CVE-2024-23337

Mitre link : CVE-2024-23337

CVE.ORG link : CVE-2024-23337

JSON object : View

Products Affected

No product.

CWE

CWE-190

Integer Overflow or Wraparound

4.3 /10