AZL-61967

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-61967.json

JSON Data

https://api.osv.dev/v1/vulns/AZL-61967

Upstream

CVE-2024-23337

Published

2025-05-21T15:16:03Z

Modified

2026-04-21T04:31:53.593177Z

Summary

CVE-2024-23337 affecting package jq for versions less than 1.6-3

Details

jq is a command-line JSON processor. In versions up to and including 1.7.1, an integer overflow arises when assigning value using an index of 2147483647, the signed integer limit. This causes a denial of service. Commit de21386681c0df0104a99d9d09db23a9b2a78b1e contains a patch for the issue.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-23337

Affected packages

Azure Linux:2 / jq

Package

Name: jq
Purl: pkg:rpm/azure-linux/jq

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.6-3

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-61967.json"