Lucene search

[email protected]NVD:CVE-2024-34402

HistoryMay 03, 2024 - 1:15 a.m.

CVE-2024-34402

2024-05-0301:15:48

[email protected]

web.nvd.nist.gov

uriparser

integer overflow

buffer overflow

security issue

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.4%

JSON

An issue was discovered in uriparser through 0.9.7. ComposeQueryEngine in UriQuery.c has an integer overflow via long keys or values, with a resultant buffer overflow.

References

www.openwall.com/lists/oss-security/2024/05/06/1

www.openwall.com/lists/oss-security/2024/05/06/3

github.com/uriparser/uriparser/issues/183

github.com/uriparser/uriparser/pull/185

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R36L762D3KX3GA66OOPWW7M7KKDRXDP/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CZ6KEUQXWCTYXGTBMZDD7CHJCYI52XY3/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UG4J7PD475LSCGCSHFU4GMU4TWLDSNW2/