vulnerability

Red Hat: CVE-2024-23337: jq: jq has signed integer overflow in jv.c:jvp_array_write (Multiple Advisories)

Name: Red Hat: CVE-2024-23337: jq: jq has signed integer overflow in jv.c:jvp_array_write (Multiple Advisories)
Creator: Red Hat
Published: 2025-05-21T00:00:00.000Z
Keywords: CVE, CWE-190, Red Hat, 2024, 23337, jq, redhat-upgrade-jq, redhat-upgrade-jq-debuginfo, redhat-upgrade-jq-debugsource, redhat-upgrade-jq-devel, Severity 4

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:N/A:P)

Published

May 21, 2025

Added

Jul 9, 2025

Modified

Jun 12, 2026

Description

A flaw was found in jq, a command line JSON processor. An integer overflow can occur when attempting to assign a value using an array index of 2147483647 or when creating an array with 2147483647 elements, the maximum value for a 32-bit signed integer. This issue causes out-of-bounds memory access and results in a denial of service.

Solutions

redhat-upgrade-jqredhat-upgrade-jq-debuginforedhat-upgrade-jq-debugsourceredhat-upgrade-jq-devel

References

CWE-190
EUVD-EUVD-2024-20848
NVD-CVE-2024-23337
REDHAT-RHSA-2025:10585
REDHAT-RHSA-2025:10613
REDHAT-RHSA-2025:10618
https://euvd.enisa.europa.eu/vulnerability/EUVD-2024-20848

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report