Lucene search

MitreCVELIST:CVE-2024-34403

HistoryMay 03, 2024 - 12:00 a.m.

CVE-2024-34403

2024-05-0300:00:00

mitre

www.cve.org

uriparser

integer overflow

composequerymallocexmm

uriquery.c

cve-2024-34403

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.4%

An issue was discovered in uriparser through 0.9.7. ComposeQueryMallocExMm in UriQuery.c has an integer overflow via a long string.

References

www.openwall.com/lists/oss-security/2024/05/06/1

www.openwall.com/lists/oss-security/2024/05/06/3

github.com/uriparser/uriparser/issues/183

github.com/uriparser/uriparser/pull/186

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R36L762D3KX3GA66OOPWW7M7KKDRXDP/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CZ6KEUQXWCTYXGTBMZDD7CHJCYI52XY3/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UG4J7PD475LSCGCSHFU4GMU4TWLDSNW2/