CVE-2024-23337

MEDIUM

Published 2025-05-21T14:34:51.007Z

Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2024-23337. We'll provide specific mitigation strategies based on your environment and risk profile.

CVSS Score

V3.1

4.3

/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Base Score Metrics

Exploitability: N/A Impact: N/A

EPSS Score

v2025.03.14

0.000

probability

of exploitation in the wild

There is a 0.0% chance that this vulnerability will be exploited in the wild within the next 30 days.

Updated: 2025-06-25

Exploit Probability

Percentile: 0.144

Higher than 14.4% of all CVEs

Attack Vector Metrics

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Impact Metrics

Confidentiality

NONE

Integrity

NONE

Availability

LOW

Description

jq is a command-line JSON processor. In versions up to and including 1.7.1, an integer overflow arises when assigning value using an index of 2147483647, the signed integer limit. This causes a denial of service. Commit de21386681c0df0104a99d9d09db23a9b2a78b1e contains a patch for the issue.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

jqlang

jq

Affected Versions:

<= 1.7.1

EU Vulnerability Database

Monitored by ENISA for EU cybersecurity

EU Coordination

Not EU Coordinated

Exploitation Status

No Known Exploitation

EUVD ID

View on ENISA

ENISA Analysis

Affected Products (ENISA)

jqlang

ENISA Scoring

CVSS Score (3.1)

4.3

/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

EPSS Score

0.060

probability

ENISA References

https://github.com/jqlang/jq/security/advisories/GHSA-2q6r-344g-cx46

https://github.com/jqlang/jq/issues/3262

https://github.com/jqlang/jq/commit/de21386681c0df0104a99d9d09db23a9b2a78b1e

Data provided by ENISA EU Vulnerability Database. Last updated: May 21, 2025

Social Media Intelligence

Real-time discussions and threat intelligence from social platforms

2 posts

Reddit • 4 days, 14 hours ago

BBQKITTY

SteamOS 3.7.15 Beta Released With Multi-Language Support For Screen Reader, Improved Battery Charge Estimation, And More Fixes - SteamDeckHQ As the title says, the [new SteamOS beta was just released](https://steamdeckhq.com/steamos-3-7-15-beta-released/), and it features multi-language support for the screen reader, improved battery charge time estimates, and a ton of fixes for …

Also mentions: CVE-2025-55188 CVE-2025-49014 CVE-2025-6395 CVE-2025-32989 CVE-2025-32988 CVE-2025-7425 CVE-2025-32990 CVE-2025-49795 CVE-2025-6170 CVE-2025-49794 CVE-2025-49796 CVE-2025-6021 CVE-2025-48060 CVE-2024-53427

168

238.0

View Original

Reddit • 4 days, 14 hours ago

Itchy-Assumption3803

SteamOS 3.7.15 Beta: The Sound of Silence \#updates #steamdeck #steam #news Note: This update is for the Steam Deck Beta and Preview channels, and includes new features that are still being tested. You can opt into this in Settings > System > System Update Channel. **General** - Fixed power and …

1.0

View Original

References

https://github.com/jqlang/jq/security/advisories/GHSA-2q6r-344g-cx46

https://github.com/jqlang/jq/issues/3262

https://github.com/jqlang/jq/commit/de21386681c0df0104a99d9d09db23a9b2a78b1e

Published: 2025-05-21T14:34:51.007Z

Last Modified: 2025-05-21T14:57:18.378Z

Copied to clipboard!

CVE-2024-23337

Expert Analysis

CVSS Score

EPSS Score

Attack Vector Metrics

Impact Metrics

Description

Available Exploits

Related News

Affected Products

jq

Affected Versions:

EU Vulnerability Database

EU Coordination

Exploitation Status

EUVD ID

ENISA Analysis

Affected Products (ENISA)

ENISA Scoring

CVSS Score (3.1)

EPSS Score

ENISA References

Social Media Intelligence

References

Request Analysis

What to expect

Request Received!