cbcvebase.
CVE-2024-23337
published 2025-05-21


Priority: P428
Severity: medium, 6.5 (CVSS 3.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS: 0.35% (27.0th percentile)
jq is a command-line JSON processor. In versions up to and including 1.7.1, an integer overflow arises when assigning a value using an index of 2147483647, the 32-bit signed integer limit (INT_MAX). This causes a denial of service. Commit de21386681c0df0104a99d9d09db23a9b2a78b1e contains a patch for the issue.
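The description above names the trigger (index 2147483647) but not why that index is special: growing an array to hold an element at idx requires a length of idx + 1, and for idx == INT_MAX that value does not fit in a 32-bit int. The following is an added, constructed model of an "assign at index, grow as needed" routine, written for this page; it is not jq's jv_array code and makes no claim about jq's internals, the patch commit, or how the overflow manifests in jq. The index cap, the int_array type and all function names are assumptions for the demo. It shows the unchecked arithmetic beside a hardened version that rejects the index before any allocation happens.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Constructed model (not jq's code): "assign a value at index idx, growing the
 * array as needed". Illustrates why idx == INT_MAX (2147483647) is special:
 * the required length idx + 1 does not fit in a 32-bit int.
 */

typedef struct {
    int *elems;   /* heap buffer; slots never written are zero-filled */
    int  length;  /* number of valid elements */
} int_array;

/* The unchecked computation: required length = idx + 1 in 32-bit arithmetic.
 * Done through unsigned so the wrap is defined behaviour for this demo; in
 * plain signed int it is undefined behaviour, and the compiler may then drop
 * any later "need > length" comparison entirely. INT_MAX wraps to INT_MIN, a
 * negative "length" that defeats every growth check downstream. */
int unchecked_required_length(int idx) {
    return (int)((unsigned)idx + 1u);
}

/* Hardened computation: reject negative indices and any index whose required
 * length would exceed 'cap'. Because cap <= INT_MAX, idx < cap guarantees that
 * idx + 1 cannot overflow. A cap well below INT_MAX (an assumed policy value)
 * also stops a single assignment from forcing a multi-gigabyte allocation,
 * which is the denial-of-service angle even when the arithmetic is correct. */
bool checked_required_length(int idx, int cap, int *out) {
    if (cap <= 0) return false;
    if (idx < 0 || idx >= cap) return false;
    *out = idx + 1;
    return true;
}

/* Assign value at idx, growing (zero-filled) when idx is past the end.
 * Returns 0 on success, -1 when the index is rejected or memory runs out. */
int array_set(int_array *a, int idx, int value, int cap) {
    int need;
    if (!checked_required_length(idx, cap, &need)) return -1;
    if (need > a->length) {
        int *grown = realloc(a->elems, (size_t)need * sizeof *grown);
        if (grown == NULL) return -1;
        memset(grown + a->length, 0, (size_t)(need - a->length) * sizeof *grown);
        a->elems  = grown;
        a->length = need;
    }
    a->elems[idx] = value;
    return 0;
}

int main(void) {
    int_array a = {0};
    const int cap = 1 << 20;   /* assumed policy cap for the demo: 1,048,576 elements */

    printf("unchecked required length for idx=INT_MAX: %d\n",
           unchecked_required_length(INT_MAX));
    printf("set idx=3       -> %d (length now %d)\n", array_set(&a, 3, 7, cap), a.length);
    printf("set idx=INT_MAX -> %d (rejected before allocating)\n",
           array_set(&a, INT_MAX, 1, cap));
    free(a.elems);
    return 0;
}
```

The point of the checked version is ordering: the bound is enforced on the index itself, before the length is computed and before any allocation, so neither the wrapped length nor an enormous but "valid" length ever reaches realloc. When auditing a fix for this bug class, confirm the check sits ahead of the arithmetic and that the comparison is against a cap that cannot itself be INT_MAX.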

Affected

12 ranges
Vendor   Product                               Version range                        Fixed in
debian   jq                                    < jq 1.7.1-6 (forky)                 jq 1.7.1-6 (forky)
jqlang   jq                                    <= 1.7.1
jqlang   jq                                    >= 0 < 1.7.1-6                       1.7.1-6
jqlang   jq                                    >= 0 < 1.7.1-6                       1.7.1-6
jqlang   jq                                    >= 0 < 1.6-2.1ubuntu3.1              1.6-2.1ubuntu3.1
jqlang   jq                                    >= 0 < 1.7.1-3ubuntu0.24.04.1        1.7.1-3ubuntu0.24.04.1
jqlang   jq                                    >= 0 < 1.5+dfsg-1ubuntu0.1+esm3      1.5+dfsg-1ubuntu0.1+esm3
jqlang   jq                                    >= 0 < 1.5+dfsg-2ubuntu0.1~esm1      1.5+dfsg-2ubuntu0.1~esm1
jqlang   jq                                    >= 0 < 1.6-1ubuntu0.20.04.1+esm1     1.6-1ubuntu0.20.04.1+esm1
msrc     azl3_jq_1.7.1-3_on_azure_linux_3.0
msrc     cbl2_jq_1.6-3_on_cbl_mariner_2.0
msrc     cm2_jq_1.6-3_on_cbl_mariner_2.0

CVSS provenance

Source          Version   Score   Severity   Vector
nvd             v3.1      6.5     MEDIUM     CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
osv                       6.5     MEDIUM
vendor_debian             4.3     LOW
vendor_msrc               4.3     MEDIUM
vendor_redhat             4.3     MEDIUM
vendor_ubuntu             4.3     MEDIUM