CVE-2024-23337

jq is a command-line JSON processor. In versions up to and including 1.7.1, an integer overflow arises when assigning value using an index of 2147483647, the signed integer limit. This causes a denial of service. Commit de21386681c0df0104a99d9d09db23a9b2a78b1e contains a patch for the issue.

CVSS v3.0 6.5 MEDIUM

6.5^/10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/jqlang/jq/commit/de21386681c0df0104a99d9d09db23a9b2a78b1e	Patch
https://github.com/jqlang/jq/issues/3262	Exploit Issue Tracking
https://github.com/jqlang/jq/security/advisories/GHSA-2q6r-344g-cx46	Exploit Vendor Advisory
https://github.com/jqlang/jq/security/advisories/GHSA-2q6r-344g-cx46	Exploit Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:jqlang:jq:*:*:*:*:*:*:*:*

History

20 Jun 2025, 17:41

Type	Values Removed	Values Added
CPE		cpe:2.3:a:jqlang:jq::::::::
First Time		Jqlang jq Jqlang
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.5
References	~~() https://github.com/jqlang/jq/issues/3262 -~~	() https://github.com/jqlang/jq/issues/3262 - Exploit, Issue Tracking
References	~~() https://github.com/jqlang/jq/security/advisories/GHSA-2q6r-344g-cx46 -~~	() https://github.com/jqlang/jq/security/advisories/GHSA-2q6r-344g-cx46 - Exploit, Vendor Advisory
References	~~() https://github.com/jqlang/jq/commit/de21386681c0df0104a99d9d09db23a9b2a78b1e -~~	() https://github.com/jqlang/jq/commit/de21386681c0df0104a99d9d09db23a9b2a78b1e - Patch

21 May 2025, 15:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-21 15:16

Updated : 2025-06-20 17:41

NVD link : CVE-2024-23337

Mitre link : CVE-2024-23337

JSON object : View

Products Affected

jqlang

CWE

CWE-190

Integer Overflow or Wraparound

6.5 /10