CVE-2024-23337
- Source
- https://cve.org/CVERecord?id=CVE-2024-23337
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-23337.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-23337
- Aliases
-
- GHSA-2q6r-344g-cx46
- Downstream
- Related
- Published
- 2025-05-21T14:34:51.007Z
- Modified
- 2026-04-12T05:53:17.038223Z
- Severity
-
- 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVSS Calculator
- Summary
- jq has signed integer overflow in jv.c:jvp_array_write
- Details
-
jq is a command-line JSON processor. In versions up to and including 1.7.1, an integer overflow arises when assigning value using an index of 2147483647, the signed integer limit. This causes a denial of service. Commit de21386681c0df0104a99d9d09db23a9b2a78b1e contains a patch for the issue.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/23xxx/CVE-2024-23337.json", "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-190" ] }- References
-
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/23xxx/CVE-2024-23337.json
- https://github.com/jqlang/jq/security/advisories/GHSA-2q6r-344g-cx46
- https://nvd.nist.gov/vuln/detail/CVE-2024-23337
- https://github.com/jqlang/jq/issues/3262
- https://github.com/jqlang/jq/commit/de21386681c0df0104a99d9d09db23a9b2a78b1e
Affected packages
Git / github.com/jqlang/jq
Affected ranges
- Type
- GIT
- Repo
- https://github.com/jqlang/jq
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
1.*
1.6rc2
jq-1.*
jq-1.0
jq-1.1
jq-1.2
jq-1.3
jq-1.4
jq-1.5rc1
jq-1.5rc2
jq-1.6
jq-1.6rc1
jq-1.7
jq-1.7.1
jq-1.7rc1
jq-1.7rc2
Database specific
vanir_signatures
[
{
"digest": {
"function_hash": "111137988609399857151046150794485037805",
"length": 262.0
},
"id": "CVE-2024-23337-04565637",
"signature_type": "Function",
"source": "https://github.com/jqlang/jq/commit/de21386681c0df0104a99d9d09db23a9b2a78b1e",
"deprecated": false,
"target": {
"function": "jv_array_concat",
"file": "src/jv.c"
},
"signature_version": "v1"
},
{
"digest": {
"function_hash": "237748935759897293101131115643374254823",
"length": 510.0
},
"id": "CVE-2024-23337-286cf1dd",
"signature_type": "Function",
"source": "https://github.com/jqlang/jq/commit/de21386681c0df0104a99d9d09db23a9b2a78b1e",
"deprecated": false,
"target": {
"function": "jv_object_merge_recursive",
"file": "src/jv.c"
},
"signature_version": "v1"
},
{
"digest": {
"function_hash": "163445554510748770352223293969963023000",
"length": 376.0
},
"id": "CVE-2024-23337-32865e5f",
"signature_type": "Function",
"source": "https://github.com/jqlang/jq/commit/de21386681c0df0104a99d9d09db23a9b2a78b1e",
"deprecated": false,
"target": {
"function": "jv_string_explode",
"file": "src/jv.c"
},
"signature_version": "v1"
},
{
"digest": {
"function_hash": "103305768167939608993029809850816110497",
"length": 685.0
},
"id": "CVE-2024-23337-369ac283",
"signature_type": "Function",
"source": "https://github.com/jqlang/jq/commit/de21386681c0df0104a99d9d09db23a9b2a78b1e",
"deprecated": false,
"target": {
"function": "jv_string_indexes",
"file": "src/jv.c"
},
"signature_version": "v1"
},
{
"digest": {
"function_hash": "262463111219578099524581004154513052700",
"length": 212.0
},
"id": "CVE-2024-23337-3771edc2",
"signature_type": "Function",
"source": "https://github.com/jqlang/jq/commit/de21386681c0df0104a99d9d09db23a9b2a78b1e",
"deprecated": false,
"target": {
"function": "jv_object_merge",
"file": "src/jv.c"
},
"signature_version": "v1"
},
{
"digest": {
"function_hash": "6706008070668189485097578795644585746",
"length": 398.0
},
"id": "CVE-2024-23337-42ee90c2",
"signature_type": "Function",
"source": "https://github.com/jqlang/jq/commit/de21386681c0df0104a99d9d09db23a9b2a78b1e",
"deprecated": false,
"target": {
"function": "jv_array_set",
"file": "src/jv.c"
},
"signature_version": "v1"
},
{
"digest": {
"function_hash": "217152002507721013265383776974827853736",
"length": 261.0
},
"id": "CVE-2024-23337-65984b07",
"signature_type": "Function",
"source": "https://github.com/jqlang/jq/commit/de21386681c0df0104a99d9d09db23a9b2a78b1e",
"deprecated": false,
"target": {
"function": "jv_object_set",
"file": "src/jv.c"
},
"signature_version": "v1"
},
{
"digest": {
"function_hash": "126652276985080967571016257588026388027",
"length": 2571.0
},
"id": "CVE-2024-23337-7044072c",
"signature_type": "Function",
"source": "https://github.com/jqlang/jq/commit/de21386681c0df0104a99d9d09db23a9b2a78b1e",
"deprecated": false,
"target": {
"function": "jv_set",
"file": "src/jv_aux.c"
},
"signature_version": "v1"
},
{
"digest": {
"function_hash": "196333530245603264201958299203480877545",
"length": 906.0
},
"id": "CVE-2024-23337-9647e1d6",
"signature_type": "Function",
"source": "https://github.com/jqlang/jq/commit/de21386681c0df0104a99d9d09db23a9b2a78b1e",
"deprecated": false,
"target": {
"function": "jv_string_split",
"file": "src/jv.c"
},
"signature_version": "v1"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"339014577188072507842688966493826679685",
"47022262820450162858937789375857704071",
"205780847297627229920827206980073036552",
"19153967694127281167714231754555334607",
"197736427002001478992732011065477572623",
"93161985359930611867717428547266678231",
"87468492980105111988078291989706226867",
"45289825194693337507435919170981760810",
"325844181656562266142464634897092782909",
"187709757395640284082794708025919103397",
"29862789084955351249824442219750045703",
"248841500202386045632931347802796219685",
"1815676247066957357343232946044466575",
"19552604032784703978496123128652340063",
"247548776530019746431897897424079760272",
"200750708131574333793396796330886324597",
"210238571164148412686177848076654706556",
"37543147854337209609683659174012688870",
"298772841277752792620408816477068069549",
"123181089485221688599852233834182458797",
"219750648040533630487898225587547003873",
"325887877661329870460505398887975064376",
"254012863064925480478039440014238798992",
"92690990334225840926913375398984399341",
"116682823186550376885007959598856992893",
"150630945996458235078215637137682493838",
"256871402155242183209778735769931689296",
"204416844694758957454983286073658825308",
"145219654637327608425633806858396420606",
"228290491799347054410946222118619210191",
"66659719239686185902814563225747056269",
"238872387272264149859042365778823508309",
"201584424087545105664339775449270047200",
"203340813751552507326479578217727842929",
"42456318665036588373651415133168046813",
"139084388521946995172568102038023437257",
"189030097817095956623774086948689108951",
"23375893006081176333384720943088259922",
"200563789312070260861222477260526813657",
"4354235676125506733841028530248763120",
"29079140071836263003351536040015942481",
"206965960754310182132903783766429872139",
"262912017746059526032614516113294840632",
"243298337042102622940382324872785007358",
"319016343311680977058485022449034188250",
"280218317216768007820969737374656459964",
"182625746718217674515175334711586846291",
"12308144987198618922981626989540562110",
"142434669384707587291012476049765025449",
"297381109610102847456651640043539856930",
"24919452270854829023413262840423730114",
"175494915411365812151356003500597680749",
"259016460323451878738877937935969686672",
"24662167699572299123399865576740170808",
"268833719976489242236045544971856680871",
"216109802456649461377552831783804819899",
"238792030916433053617837113553285043285",
"36325326249684072078057568438511488507",
"337296518720522157650094912631827220157",
"26184548141014247333708249531822361099",
"114326377041021996384063066888024303727",
"234108080180124966321227044060535970915",
"311541335489681149770467745322184233024",
"283912674945246823076161460269919750363",
"288765157807741797084954824982164523258",
"100453092615584081042280133613816180796",
"136910363091581504075968776508238666443",
"213755548660740247498157215474076019614",
"108188149734493114060360546382581990078",
"322918399021168533979986077792626375927",
"140785735858158121037101139967368508952",
"284376592890192898584784431858872335080",
"208651150119917951091971937018545669728",
"130378013810340699714931390771326845192"
]
},
"id": "CVE-2024-23337-96e418bb",
"signature_type": "Line",
"source": "https://github.com/jqlang/jq/commit/de21386681c0df0104a99d9d09db23a9b2a78b1e",
"deprecated": false,
"target": {
"file": "src/jv.c"
},
"signature_version": "v1"
},
{
"digest": {
"function_hash": "220821467909858034924023723150673823611",
"length": 583.0
},
"id": "CVE-2024-23337-c029bfc6",
"signature_type": "Function",
"source": "https://github.com/jqlang/jq/commit/de21386681c0df0104a99d9d09db23a9b2a78b1e",
"deprecated": false,
"target": {
"function": "jvp_object_write",
"file": "src/jv.c"
},
"signature_version": "v1"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"49314117860552427637289761811114704982",
"133168085019627836917855826111674485473",
"214808392088399544560201786853405852340",
"218456411945579710329900585944612874646",
"229310651614279876591567949992389710328",
"37186851718729348926252391537519762510",
"194702215318362978800119278416265201999",
"277375067983529847024372692174510778272",
"83996309895668853422199083816234437088",
"305716381699829394196253539820160860883",
"261546646928046742131095930914371569989",
"7443652024731225196583678104486279469",
"327114700914653030451603173629132522892",
"132045950232904207076750020726663519684"
]
},
"id": "CVE-2024-23337-d06ffd82",
"signature_type": "Line",
"source": "https://github.com/jqlang/jq/commit/de21386681c0df0104a99d9d09db23a9b2a78b1e",
"deprecated": false,
"target": {
"file": "src/jv_aux.c"
},
"signature_version": "v1"
},
{
"digest": {
"function_hash": "300047713942875338587980580464189780826",
"length": 609.0
},
"id": "CVE-2024-23337-f87e7430",
"signature_type": "Function",
"source": "https://github.com/jqlang/jq/commit/de21386681c0df0104a99d9d09db23a9b2a78b1e",
"deprecated": false,
"target": {
"function": "jvp_object_rehash",
"file": "src/jv.c"
},
"signature_version": "v1"
}
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-23337.json"
vanir_signatures_modified
"2026-04-12T05:53:17Z"