Skip to main content

Jq CVE-2024-23337

MEDIUM
Integer Overflow or Wraparound (CWE-190)
2025-05-21 security-advisories@github.com
4.3
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
4.3 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
SUSE
MEDIUM
qualitative
Red Hat
4.3 MEDIUM
qualitative

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low

Lifecycle Timeline

4
Analysis Generated
Mar 28, 2026 - 18:43 vuln.today
Patch released
Mar 28, 2026 - 18:43 nvd
Patch available
PoC Detected
Jun 20, 2025 - 17:41 vuln.today
Public exploit code
CVE Published
May 21, 2025 - 15:16 nvd
MEDIUM 4.3

DescriptionGitHub Advisory

jq is a command-line JSON processor. In versions up to and including 1.7.1, an integer overflow arises when assigning value using an index of 2147483647, the signed integer limit. This causes a denial of service. Commit de21386681c0df0104a99d9d09db23a9b2a78b1e contains a patch for the issue.

AnalysisAI

jq is a command-line JSON processor. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified as Integer Overflow (CWE-190), which allows attackers to cause unexpected behavior through arithmetic overflow. jq is a command-line JSON processor. In versions up to and including 1.7.1, an integer overflow arises when assigning value using an index of 2147483647, the signed integer limit. This causes a denial of service. Commit de21386681c0df0104a99d9d09db23a9b2a78b1e contains a patch for the issue. Affected products include: Jqlang Jq.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Validate arithmetic operations, use safe integer libraries, check bounds before allocation.

More in Jq

View all
CVE-2024-53427 HIGH POC
8.1 Feb 26

decNumberCopy in decNumber.c in jq through 1.7.1 does not properly consider that NaN is interpreted as numeric, which ha

CVE-2015-8863 CRITICAL
9.8 May 06

Off-by-one error in the tokenadd function in jv_parse.c in jq allows remote attackers to cause a denial of service (cras

CVE-2025-48060 HIGH POC
7.7 May 21

jq is a command-line JSON processor. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no auth

CVE-2016-4074 HIGH POC
7.5 May 06

The jv_dump_term function in jq 1.5 allows remote attackers to cause a denial of service (stack consumption and applicat

CVE-2023-49355 HIGH POC
7.5 Dec 11

decToString in decNumber/decNumber.c in jq 88f01a7 has a one-byte out-of-bounds write via the " []-1.2e-1111111111" inpu

CVE-2023-50268 MEDIUM POC
5.5 Dec 13

jq is a command-line JSON processor. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Publ

CVE-2023-50246 MEDIUM POC
5.5 Dec 13

jq is a command-line JSON processor. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Publ

CVE-2026-32316 HIGH
8.2 Apr 13

Heap buffer overflow in jq command-line JSON processor (all versions through 1.8.1) allows remote unauthenticated attack

CVE-2026-49839 HIGH
7.1

Out-of-bounds write in the jq command-line JSON processor (CWE-787) lets a crafted JSON input corrupt memory when parsed

CVE-2026-54679 MEDIUM
6.9

jq, the command-line JSON processor, was patched in Alpine Linux with package version 1.8.2-r0. The specific vulnerabili

CVE-2026-39979 MEDIUM
6.9 Apr 13

jq is a command-line JSON processor. In commits before 2f09060afab23fe9390cce7cb860b10416e1bf5f, the jv_parse_sized() AP

CVE-2026-47770 MEDIUM
6.8

jq on Alpine Linux was patched in package version 1.8.2-r0, addressing an unspecified vulnerability. The nature of the f

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
Container containers/suse-ai-observability-extension-setup:1.0.3-3.41 Container suse/hpc/warewulf4-x86_64/sle-hpc-node:15.7.20.5.1 Container suse/sle-micro-rancher/5.2:latest Container suse/sle-micro-rancher/5.3:latest Container suse/sle-micro-rancher/5.4:5.4.4.5.25 Container suse/sle-micro/5.5:2.0.4-5.5.333 Image SLES15-SP4-CHOST-BYOS Image SLES15-SP4-CHOST-BYOS-Aliyun Image SLES15-SP4-CHOST-BYOS-Azure Image SLES15-SP4-CHOST-BYOS-EC2 Image SLES15-SP4-CHOST-BYOS-GCE Image SLES15-SP4-CHOST-BYOS-SAP-CCloud Image SLES15-SP4-SAP Image SLES15-SP4-SAP-Azure Image SLES15-SP4-SAP-EC2 Image SLES15-SP4-SAP-GCE Image SLES15-SP4-SAPCAL Image SLES15-SP4-SAPCAL-Azure Image SLES15-SP4-SAPCAL-EC2 Image SLES15-SP4-SAPCAL-GCE Image SLES15-SP5-BYOS-GCE Image SLES15-SP5-CHOST-BYOS-Aliyun Image SLES15-SP5-CHOST-BYOS-Azure Image SLES15-SP5-CHOST-BYOS-EC2 Image SLES15-SP5-CHOST-BYOS-GCE Image SLES15-SP5-CHOST-BYOS-GDC Image SLES15-SP5-CHOST-BYOS-SAP-CCloud Image SLES15-SP5-GCE Image SLES15-SP5-HPC-BYOS-GCE Image SLES15-SP5-Hardened-BYOS-GCE Image SLES15-SP5-Manager-Proxy-5-0-BYOS Image SLES15-SP5-Manager-Proxy-5-0-BYOS-Azure Image SLES15-SP5-Manager-Proxy-5-0-BYOS-EC2 Image SLES15-SP5-Manager-Proxy-5-0-BYOS-GCE Image SLES15-SP5-Manager-Server-5-0 Image SLES15-SP5-Manager-Server-5-0-Azure-llc Image SLES15-SP5-Manager-Server-5-0-Azure-ltd Image SLES15-SP5-Manager-Server-5-0-BYOS Image SLES15-SP5-Manager-Server-5-0-BYOS-Azure Image SLES15-SP5-Manager-Server-5-0-BYOS-EC2 Image SLES15-SP5-Manager-Server-5-0-BYOS-GCE Image SLES15-SP5-Manager-Server-5-0-EC2-llc Image SLES15-SP5-Manager-Server-5-0-EC2-ltd Image SLES15-SP5-Micro-5-5-BYOS-GCE Image SLES15-SP5-Micro-5-5-GCE Image SLES15-SP5-SAP-BYOS-GCE Image SLES15-SP5-SAP-Hardened-BYOS-GCE Image SLES15-SP5-SAP-Hardened-GCE Image SLES15-SP5-SAPCAL-Azure Image SLES15-SP5-SAPCAL-EC2 Image SLES15-SP5-SAPCAL-GCE Image SLES15-SP6-BYOS-GCE Image SLES15-SP6-CHOST-BYOS Image SLES15-SP6-CHOST-BYOS-Aliyun Image SLES15-SP6-CHOST-BYOS-Azure Image SLES15-SP6-CHOST-BYOS-EC2 Image SLES15-SP6-CHOST-BYOS-GCE Image SLES15-SP6-CHOST-BYOS-GDC Image SLES15-SP6-CHOST-BYOS-SAP-CCloud Image SLES15-SP6-GCE Image SLES15-SP6-HPC-BYOS-GCE Image SLES15-SP6-HPC-GCE Image SLES15-SP6-Hardened-BYOS-GCE Image SLES15-SP6-SAP Image SLES15-SP6-SAP-Azure Image SLES15-SP6-SAP-BYOS-GCE Image SLES15-SP6-SAP-EC2 Image SLES15-SP6-SAP-GCE Image SLES15-SP6-SAP-Hardened Image SLES15-SP6-SAP-Hardened-BYOS-GCE Image SLES15-SP6-SAP-Hardened-GCE Image SLES15-SP6-SAPCAL Image SLES15-SP6-SAPCAL-Azure Image SLES15-SP6-SAPCAL-EC2 Image SLES15-SP6-SAPCAL-GCE Image SLES15-SP7-BYOS-GCE Image SLES15-SP7-CHOST-BYOS-Aliyun Image SLES15-SP7-CHOST-BYOS-Azure Image SLES15-SP7-CHOST-BYOS-EC2 Image SLES15-SP7-CHOST-BYOS-GCE Image SLES15-SP7-CHOST-BYOS-GDC Image SLES15-SP7-CHOST-BYOS-SAP-CCloud Image SLES15-SP7-GCE Image SLES15-SP7-GCE-3P Image SLES15-SP7-HPC-BYOS-GCE Image SLES15-SP7-Hardened-BYOS-GCE Image SLES15-SP7-SAP-BYOS-GCE Image SLES15-SP7-SAP-GCE Image SLES15-SP7-SAP-GCE-3P Image SLES15-SP7-SAP-Hardened-BYOS-GCE Image SLES15-SP7-SAP-Hardened-GCE Image SLES15-SP7-SAPCAL-Azure Image SLES15-SP7-SAPCAL-EC2 Image SLES15-SP7-SAPCAL-GCE Affected
Container suse/sl-micro/6.0/baremetal-os-container:2.1.3-6.61 Affected
Container suse/sl-micro/6.0/toolbox:latest Affected
Container suse/sl-micro/6.1/baremetal-os-container:2.2.1-7.2 Image SUSE-Multi-Linux-Manager-Proxy-BYOS-Azure Image SUSE-Multi-Linux-Manager-Proxy-BYOS-EC2 Image SUSE-Multi-Linux-Manager-Proxy-BYOS-GCE Image SUSE-Multi-Linux-Manager-Server-Azure-llc Image SUSE-Multi-Linux-Manager-Server-Azure-ltd Image SUSE-Multi-Linux-Manager-Server-BYOS-Azure Image SUSE-Multi-Linux-Manager-Server-BYOS-EC2 Image SUSE-Multi-Linux-Manager-Server-BYOS-GCE Image SUSE-Multi-Linux-Manager-Server-EC2-llc Image SUSE-Multi-Linux-Manager-Server-EC2-ltd Affected
SUSE Liberty Linux 8 Fixed

Share

CVE-2024-23337 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy