CVE-2024-23337

Published: 21 May 2025
Source: redhat
CVSS3: 4.3

Description

jq is a command-line JSON processor. In versions up to and including 1.7.1, an integer overflow arises when assigning value using an index of 2147483647, the signed integer limit. This causes a denial of service. Commit de21386681c0df0104a99d9d09db23a9b2a78b1e contains a patch for the issue.

A flaw was found in jq, a command line JSON processor. An integer overflow can occur when attempting to assign a value using an array index of 2147483647 or when creating an array with 2147483647 elements, the maximum value for a 32-bit signed integer. This issue causes out-of-bounds memory access and results in a denial of service.
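The advisory names the weakness chain CWE-190 (integer overflow) leading to CWE-125 (out-of-bounds access). The following added example, which is hypothetical code and not jq's jv.c, shows the pattern in miniature: a growable array with a 32-bit signed length, the naive "index + 1" length computation that wraps for index 2147483647 (INT_MAX), and a hardened write routine that rejects any index whose required length cannot be represented. The type and function names (toy_array, wrapped_new_length, checked_new_length, toy_array_write) are all assumptions made for this illustration.

```c
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable int array; not jq's jv.c, only an illustration of
 * the CWE-190 -> CWE-125 chain the advisory names. */
typedef struct {
    int *slots;
    int length;   /* 32-bit signed length, as in many C code bases */
} toy_array;

/* The length a naive "write at idx" needs is idx + 1. With idx == INT_MAX
 * (2147483647) that sum does not fit in an int. Computed through unsigned
 * arithmetic here so the wrap-around is observable without undefined
 * behaviour: the result is INT_MIN on two's-complement targets. */
static int wrapped_new_length(int idx) {
    return (int)((unsigned)idx + 1u);
}

/* Hardened variant: refuse any idx whose required length cannot be
 * represented. Returns 1 and stores the length on success, 0 otherwise. */
static int checked_new_length(int idx, int *out_len) {
    if (idx < 0 || idx == INT_MAX) return 0;
    *out_len = idx + 1;   /* now provably in range */
    return 1;
}

/* Write value at idx, growing the array if needed. Returns 1 on success,
 * 0 if the index is rejected or memory runs out. */
static int toy_array_write(toy_array *a, int idx, int value) {
    int needed;
    if (!checked_new_length(idx, &needed)) return 0;
    if (needed > a->length) {
        int *grown = realloc(a->slots, (size_t)needed * sizeof *grown);
        if (grown == NULL) return 0;
        memset(grown + a->length, 0,
               (size_t)(needed - a->length) * sizeof *grown);
        a->slots = grown;
        a->length = needed;
    }
    a->slots[idx] = value;
    return 1;
}

/* Self-check used by main(): returns 0 when every expectation holds. */
static int demo_checks(void) {
    toy_array a = { NULL, 0 };
    int failures = 0;

    if (toy_array_write(&a, 2, 7) != 1) failures++;
    if (a.length != 3 || a.slots[2] != 7 || a.slots[0] != 0) failures++;

    /* The advisory's index: the naive length wraps negative, so a
     * "needed > length" growth check would be skipped and the write
     * would land far outside the buffer. The hardened path refuses it. */
    if (wrapped_new_length(INT_MAX) >= 0) failures++;
    if (toy_array_write(&a, INT_MAX, 1) != 0) failures++;
    if (a.length != 3) failures++;

    if (toy_array_write(&a, -1, 1) != 0) failures++;   /* negative index */

    free(a.slots);
    return failures;
}

int main(void) {
    int failures = demo_checks();
    printf("%s (wrapped length for INT_MAX = %d)\n",
           failures == 0 ? "all checks passed" : "checks FAILED",
           wrapped_new_length(INT_MAX));
    return failures == 0 ? 0 : 1;
}
```

The hardened check sits before any arithmetic on the index, which is the general fix for this weakness class: validate that the derived length fits the type before using it to decide whether to grow a buffer, rather than trusting a sum that may already have wrapped.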

Report

To exploit this flaw, an attacker needs to trick a user into processing a specially crafted JSON input, allowing an attacker to trigger an integer overflow and cause a crash in jq with no other security impact. Due to these reasons, this flaw has been rated with a Moderate severity.

Mitigation

Do not process untrusted input with the jq command line JSON processor.

Affected packages

Platform                               | Package               | Status       | Recommendation | Release
Red Hat Ansible Automation Platform 2  | automation-controller | Fix deferred |                |
Red Hat Ceph Storage 4                 | jq                    | Fix deferred |                |
Red Hat Enterprise Linux 10            | jq                    | Affected     |                |
Red Hat Enterprise Linux 8             | jq                    | Affected     |                |
Red Hat Enterprise Linux 9             | jq                    | Affected     |                |
Red Hat OpenShift Container Platform 4 | rhcos                 | Fix deferred |                |

Additional information

Status: Moderate
Weakness: CWE-190->CWE-125
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2367807
jq: jq has signed integer overflow in jv.c:jvp_array_write

CVSS3: 4.3 (Medium)

Related vulnerabilities

CVSS3: 4.3
ubuntu
29 days ago

(Same description as the Red Hat entry above.)

CVSS3: 4.3
nvd
29 days ago

(Same description as the Red Hat entry above.)

CVSS3: 4.3
debian
29 days ago

jq is a command-line JSON processor. In versions up to and including 1 ...

CVSS3: 4.3
fstec
30 days ago

Vulnerability in the jq functional programming language related to an integer overflow, allowing an attacker to cause a denial of service
