Bug 2367807 (CVE-2024-23337)
| Summary: | CVE-2024-23337 jq: jq has signed integer overflow in jv.c:jvp_array_write | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | adudiak, amctagga, aoconnor, bniver, crizzo, flucifre, gmeno, haoli, hkataria, jajackso, jcammara, jmitchel, jneedle, jtanner, kegrant, koliveir, kshier, mabashia, mbenjamin, mhackett, omaciel, pbraun, shvarugh, simaishi, smcdonal, sostapov, stcannon, teagle, tfister, thavo, vereddy, yguenane |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: |
A flaw was found in jq, a command line JSON processor. An integer overflow can occur when attempting to assign a value using an array index of 2147483647 or when creating an array with 2147483647 elements, the maximum value for a 32-bit signed integer. This issue causes out-of-bounds memory access and results in a denial of service.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2370297, 2370298 | ||
| Bug Blocks: | |||
|
Description
OSIDB Bzimport
2025-05-21 15:01:17 UTC
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2025:10585 https://access.redhat.com/errata/RHSA-2025:10585 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.4 Extended Update Support Via RHSA-2025:10613 https://access.redhat.com/errata/RHSA-2025:10613 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Via RHSA-2025:10616 https://access.redhat.com/errata/RHSA-2025:10616 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Via RHSA-2025:10615 https://access.redhat.com/errata/RHSA-2025:10615 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions Red Hat Enterprise Linux 8.8 Telecommunications Update Service Via RHSA-2025:10619 https://access.redhat.com/errata/RHSA-2025:10619 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Via RHSA-2025:10621 https://access.redhat.com/errata/RHSA-2025:10621 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Advanced Update Support Via RHSA-2025:10622 https://access.redhat.com/errata/RHSA-2025:10622 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2025:10618 https://access.redhat.com/errata/RHSA-2025:10618 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Red Hat Enterprise Linux 8.6 Telecommunications Update Service Red Hat Enterprise Linux 8.6 Extended Update Support EXTENSION Via RHSA-2025:10620 https://access.redhat.com/errata/RHSA-2025:10620 This issue has been addressed in the following products: Red Hat Enterprise Linux 10 Via RHSA-2025:12882 https://access.redhat.com/errata/RHSA-2025:12882 |