CVE-2024-23337: jq has signed integer overflow in jv.c:jvp_array_write
Published May 21, 2025
Affected Software
5 affected components. Fixes available.
JQ jq<=1.7.1
jqlang jq<=1.7.1
Microsoft cbl2 jq 1.6-3
Microsoft cm2 jq 1.6-3
Microsoft azl3 jq 1.7.1-3
Event History
May 21, 2025
  CVE Published via MITRE, 02:34 PM
  Data Sourced via MITRE, 02:34 PM: Description, Severity, Weakness
  Data Sourced via Red Hat, 03:01 PM: Description, Severity, Affected Software
  Data Sourced via NVD, 03:16 PM: Remedy, Description, Severity, Weakness, Affected Software
Jul 11, 2025
  Data Sourced via Microsoft, 07:00 AM: Description, Severity, Weakness
  Data Sourced via Microsoft, 07:00 AM: Affected Software
  Updated via Microsoft, 07:00 AM: Affected Software
  Updated via Microsoft, 07:00 AM: Description, Severity
Jan 30, 2026
  Data Sourced via IBM, 12:00 AM: Description, Affected Software
Frequently Asked Questions
1. What is the severity of CVE-2024-23337?
CVE-2024-23337 has a severity rating that indicates potential denial of service due to an integer overflow.
2. What versions of jq are affected by CVE-2024-23337?
CVE-2024-23337 affects jq versions up to and including 1.7.1.
3. How do I fix CVE-2024-23337?
To fix CVE-2024-23337, you should upgrade jq to a version higher than 1.7.1 where the issue has been patched.
4. What is the impact of CVE-2024-23337?
The impact of CVE-2024-23337 is a denial of service caused by an integer overflow when using certain indices.
5. Who maintains the jq software affected by CVE-2024-23337?
The jq software affected by CVE-2024-23337 is maintained by the jq project team.