PT-2025-22366 · Jq+9

Published 2025-05-21 · Updated 2026-03-29 · CVE-2024-23337

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

jq versions up to and including 1.7.1

Description

The issue arises from an integer overflow when assigning a value using an index of 2147483647, which is the signed integer limit. This causes a denial of service.

Recommendations

For versions up to and including 1.7.1, update to a version that includes the patch from commit de21386681c0df0104a99d9d09db23a9b2a78b1e to resolve the issue.

Exploit · Fix · DoS · Integer Overflow

Weakness Enumeration

Related Identifiers

ALSA-2025:10585
ALSA-2025:10618
ALSA-2025_10585
ALSA-2025_10618
ALT-PU-2025-7731
AZL-61967
AZL-61977
BDU:2025-06692
CESA-2025_10618
CVE-2024-23337
ECHO-9730-832C-E99F
GHSA-2Q6R-344G-CX46
INFSA-2025_10585
INFSA-2025_10618
OESA-2025-1809
OPENSUSE-SU-2025:15233-1
RHSA-2025:10585
RHSA-2025:10613
RHSA-2025:10615
RHSA-2025:10616
RHSA-2025:10618
RHSA-2025:10619
RHSA-2025:10620
RHSA-2025:10621
RHSA-2025:10622
RHSA-2025:12882
RHSA-2025_10585
RHSA-2025_10618
SUSE-SU-2025:02384-1
SUSE-SU-2025:20506-1
SUSE-SU-2025:20591-1
SUSE-SU-2025_02384-1
USN-7657-1
USN-7657-2

Affected Products

Alt Linux
Almalinux
Centos
Debian
Linuxmint
Red Hat
Rocky Linux
Suse
Ubuntu
Jq