CVE-2026-43894

jq is a command-line JSON processor. In 1.8.1 and earlier, when decNumberFromString is given a number literal of INTMAX-1 2147483646 digits, the D2U macro overflows during signed-int arithmetic. The wrapped negative value bypasses the heap-allocation size check, causes the function to use a 30-by...

jq: jq has signed integer overflow in jv.c:jvp_array_write

A flaw was found in jq, a command line JSON processor. An integer overflow can occur when attempting to assign a value using an array index of 2147483647 or when creating an array with 2147483647 elements, the maximum value for a 32-bit signed integer. This issue causes out-of-bounds memory acces...

SUSE-SU-2025:20506-1 Security update for jq

This update for jq fixes the following issues: - CVE-2024-23337: Fixed signed integer overflow in jv.c:jvparraywrite bsc1243450...

jq: jq has signed integer overflow in jv.c:jvp_array_write

A flaw was found in jq, a command line JSON processor. An integer overflow can occur when attempting to assign a value using an array index of 2147483647 or when creating an array with 2147483647 elements, the maximum value for a 32-bit signed integer. This issue causes out-of-bounds memory acces...

AZL-61977 CVE-2024-23337 affecting package jq for versions less than 1.7.1-3

jq is a command-line JSON processor. In versions up to and including 1.7.1, an integer overflow arises when assigning value using an index of 2147483647, the signed integer limit. This causes a denial of service. Commit de21386681c0df0104a99d9d09db23a9b2a78b1e contains a patch for the issue...