Integer Overflow

2024-05-0606:24:49

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

uriparser

vulnerability

integer overflow

input validation

denial of service

crafted strings

6.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.3%

JSON

uriparser is vulnerable to an Integer overflow. The vulnerability is due to insufficient input validation in ComposeQueryMallocExMm within UriQuery.c , which allows attackers to cause a Denial of service via long crafted strings.

CPENameOperatorVersion
uriparsereq0.8.4
liburiparser.sole1.0.30-0.9.7-1.el8.x86_64.debug
uriparser:3.19eq0.9.7-r0
uriparser:edgeeq0.9.7-r0
uriparser:edgeeq0.9.7-r1
uriparser:edgeeq0.9.6-r0
uriparser:edgeeq0.9.3-r1
uriparser:edgeeq0.9.4-r0
uriparser:edgeeq0.9.5-r0
uriparsereq0.8.4

Name	Operator	Version
uriparser	eq	0.8.4
liburiparser.so	le	1.0.30-0.9.7-1.el8.x86_64.debug
uriparser:3.19	eq	0.9.7-r0
uriparser:edge	eq	0.9.7-r0
uriparser:edge	eq	0.9.7-r1
uriparser:edge	eq	0.9.6-r0
uriparser:edge	eq	0.9.3-r1
uriparser:edge	eq	0.9.4-r0
uriparser:edge	eq	0.9.5-r0
uriparser	eq	0.8.4