Lucene search

MitreVULNRICHMENT:CVE-2024-34402

HistoryMay 03, 2024 - 12:00 a.m.

CVE-2024-34402

2024-05-0300:00:00

mitre

github.com

uriparser

composequeryengine

uriquery.c

integer overflow

buffer overflow

7.3 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.4%

JSON

An issue was discovered in uriparser through 0.9.7. ComposeQueryEngine in UriQuery.c has an integer overflow via long keys or values, with a resultant buffer overflow.

References

www.openwall.com/lists/oss-security/2024/05/06/1

www.openwall.com/lists/oss-security/2024/05/06/3

github.com/uriparser/uriparser/issues/183

github.com/uriparser/uriparser/pull/185

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R36L762D3KX3GA66OOPWW7M7KKDRXDP/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CZ6KEUQXWCTYXGTBMZDD7CHJCYI52XY3/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UG4J7PD475LSCGCSHFU4GMU4TWLDSNW2/