Azure Linux 3.0 Security Update: uriparser (CVE-2024-34402)

The version of uriparser installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-34402 advisory. - An issue was discovered in uriparser through 0.9.7. ComposeQueryEngine in UriQuery.c has an integer...

An issue was discovered in uriparser through 0.9.7. ComposeQueryEngine in UriQuery.c has an integer overflow via long keys or values, with a resultant buffer overflow.

...

An issue was discovered in uriparser through 0.9.7. ComposeQueryMallocExMm in UriQuery.c has an integer overflow via a long string.

...

OESA-2024-1690 uriparser security update

The package is a strictly RFC 3986 compliant URI parsing library written in C89"ANSI C". uriparser is cross-platform, fast, supports Unicode and is licensed under the New BSD license. There are a number of applications, libraries and hardware using uriparser, as well as bindings and 3rd-party...

SUSE CVE-2024-34402

An issue was discovered in uriparser through 0.9.7. ComposeQueryEngine in UriQuery.c has an integer overflow via long keys or values, with a resultant buffer overflow...

SUSE CVE-2024-34403

An issue was discovered in uriparser through 0.9.7. ComposeQueryMallocExMm in UriQuery.c has an integer overflow via a long string...

Buffer Overflow

Overview Affected versions of this package are vulnerable to Buffer Overflow in the ComposeQueryEngine function within UriQuery.c, which occurs when processing long keys or values. An attacker can execute arbitrary code or cause a denial of service by exploiting this buffer overflow condition...

AZL-43227 CVE-2024-34402 affecting package uriparser for versions less than 0.9.8-3

An issue was discovered in uriparser through 0.9.7. ComposeQueryEngine in UriQuery.c has an integer overflow via long keys or values, with a resultant buffer overflow...

UBUNTU-CVE-2024-34402

An issue was discovered in uriparser through 0.9.7. ComposeQueryEngine in UriQuery.c has an integer overflow via long keys or values, with a resultant buffer overflow...

uriparser: Out-of-bounds write via uriComposeQuery* or uriComposeQueryEx* function

An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an out-of-bounds write via a uriComposeQuery or uriComposeQueryEx function because the '&' character is mishandled in certain contexts...

DEBIAN-CVE-2018-19199

An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an integer overflow via a uriComposeQuery or uriComposeQueryEx function because of an unchecked multiplication...

DEBIAN-CVE-2018-19198

An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an out-of-bounds write via a uriComposeQuery or uriComposeQueryEx function because the '&' character is mishandled in certain contexts...

UBUNTU-CVE-2018-19199

An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an integer overflow via a uriComposeQuery or uriComposeQueryEx function because of an unchecked multiplication...