DEBIAN-CVE-2024-23337

DEBIAN-CVE-2024-23337 PUBLISHED CVSS 6.5 MEDIUM

jq is a command-line JSON processor. In versions up to and including 1.7.1, an integer overflow arises when assigning value using an index of 2147483647, the signed integer limit. This causes a denial of service. Commit de21386681c0df0104a99d9d09db23a9b2a78b1e contains a patch for the issue.

Risk Scores

CVSS 3.1

6.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
Debian:13	jq	0, 0
Debian:14	jq	0, 0
Debian:11	jq	1.7.1-2, 1.7.1-3, 1.7.1-4
Debian:12	jq	0, 1.6-2.1, 1.6-2.1+deb12u1

Timeline

May 21, 2025 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2024-23337 advisory

Open in Interactive Console →