{"id":"AZL-61967","summary":"CVE-2024-23337 affecting package jq for versions less than 1.6-3","details":"jq is a command-line JSON processor. In versions up to and including 1.7.1, an integer overflow arises when assigning value using an index of 2147483647, the signed integer limit. This causes a denial of service. Commit de21386681c0df0104a99d9d09db23a9b2a78b1e contains a patch for the issue.","modified":"2026-04-21T04:31:53.593177Z","published":"2025-05-21T15:16:03Z","upstream":["CVE-2024-23337"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-23337"}],"affected":[{"package":{"name":"jq","ecosystem":"Azure Linux:2","purl":"pkg:rpm/azure-linux/jq"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.6-3"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-61967.json"}}],"schema_version":"1.7.5"}