CVE-2024-34402

An issue was discovered in uriparser through 0.9.7. ComposeQueryEngine in UriQuery.c has an integer overflow via long keys or values, with a resultant buffer overflow.

Published: May 3, 2024
Updated: May 4, 2024
CVE: CVE-2024-34402
Exploit:

No technical information available.

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
uriparser_project / uriparser	-	0.9.7.x
fedoraproject / fedora	38	38.x
fedoraproject / fedora	39	39.x
fedoraproject / fedora	40	40.x

http://www.openwall.com/lists/oss-security/2024/05/06/1
http://www.openwall.com/lists/oss-security/2024/05/06/3
https://github.com/uriparser/uriparser/issues/183
https://github.com/uriparser/uriparser/pull/185
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R36L762D3KX3GA66OOPWW7M7KKDRXDP/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CZ6KEUQXWCTYXGTBMZDD7CHJCYI52XY3/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UG4J7PD475LSCGCSHFU4GMU4TWLDSNW2/

Vulnerability Database

289,697

CVE-2024-34402