Bug 2367807 (CVE-2024-23337) - CVE-2024-23337 jq: jq has signed integer overflow in jv.c:jvp_array_write
Summary: CVE-2024-23337 jq: jq has signed integer overflow in jv.c:jvp_array_write
Keywords:
Status: NEW
Alias: CVE-2024-23337
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2370297 2370298
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-05-21 15:01 UTC by OSIDB Bzimport
Modified: 2025-07-08 12:39 UTC (History)
32 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2025:10585 0 None None None 2025-07-08 11:02:17 UTC
Red Hat Product Errata RHSA-2025:10613 0 None None None 2025-07-08 12:09:02 UTC
Red Hat Product Errata RHSA-2025:10615 0 None None None 2025-07-08 12:30:52 UTC
Red Hat Product Errata RHSA-2025:10616 0 None None None 2025-07-08 12:24:12 UTC
Red Hat Product Errata RHSA-2025:10618 0 None None None 2025-07-08 12:36:53 UTC
Red Hat Product Errata RHSA-2025:10619 0 None None None 2025-07-08 12:30:59 UTC
Red Hat Product Errata RHSA-2025:10620 0 None None None 2025-07-08 12:39:05 UTC
Red Hat Product Errata RHSA-2025:10621 0 None None None 2025-07-08 12:32:18 UTC
Red Hat Product Errata RHSA-2025:10622 0 None None None 2025-07-08 12:33:56 UTC

Description OSIDB Bzimport 2025-05-21 15:01:17 UTC 
jq is a command-line JSON processor. In versions up to and including 1.7.1, an integer overflow arises when assigning value using an index of 2147483647, the signed integer limit. This causes a denial of service. Commit de21386681c0df0104a99d9d09db23a9b2a78b1e contains a patch for the issue.
Comment 3 errata-xmlrpc 2025-07-08 11:02:15 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:10585 https://access.redhat.com/errata/RHSA-2025:10585
Comment 4 errata-xmlrpc 2025-07-08 12:08:59 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2025:10613 https://access.redhat.com/errata/RHSA-2025:10613
Comment 5 errata-xmlrpc 2025-07-08 12:24:09 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2025:10616 https://access.redhat.com/errata/RHSA-2025:10616
Comment 6 errata-xmlrpc 2025-07-08 12:30:49 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Via RHSA-2025:10615 https://access.redhat.com/errata/RHSA-2025:10615
Comment 7 errata-xmlrpc 2025-07-08 12:30:56 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.8 Telecommunications Update Service

Via RHSA-2025:10619 https://access.redhat.com/errata/RHSA-2025:10619
Comment 8 errata-xmlrpc 2025-07-08 12:32:15 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support

Via RHSA-2025:10621 https://access.redhat.com/errata/RHSA-2025:10621
Comment 9 errata-xmlrpc 2025-07-08 12:33:52 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support

Via RHSA-2025:10622 https://access.redhat.com/errata/RHSA-2025:10622
Comment 10 errata-xmlrpc 2025-07-08 12:36:50 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2025:10618 https://access.redhat.com/errata/RHSA-2025:10618
Comment 11 errata-xmlrpc 2025-07-08 12:39:02 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service
  Red Hat Enterprise Linux 8.6 Extended Update Support EXTENSION

Via RHSA-2025:10620 https://access.redhat.com/errata/RHSA-2025:10620
Note You need to log in before you can comment on or make changes to this bug.