CVE-2024-34402

An issue was discovered in uriparser through 0.9.7. ComposeQueryEngine in UriQuery.c has an integer overflow via long keys or values, with a resultant buffer overflow.
Configurations

No configuration.

History

21 Nov 2024, 09:18

Type Values Removed Values Added
References () http://www.openwall.com/lists/oss-security/2024/05/06/1 - () http://www.openwall.com/lists/oss-security/2024/05/06/1 -
References () http://www.openwall.com/lists/oss-security/2024/05/06/3 - () http://www.openwall.com/lists/oss-security/2024/05/06/3 -
References () https://github.com/uriparser/uriparser/issues/183 - () https://github.com/uriparser/uriparser/issues/183 -
References () https://github.com/uriparser/uriparser/pull/185 - () https://github.com/uriparser/uriparser/pull/185 -
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R36L762D3KX3GA66OOPWW7M7KKDRXDP/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R36L762D3KX3GA66OOPWW7M7KKDRXDP/ -
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CZ6KEUQXWCTYXGTBMZDD7CHJCYI52XY3/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CZ6KEUQXWCTYXGTBMZDD7CHJCYI52XY3/ -
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UG4J7PD475LSCGCSHFU4GMU4TWLDSNW2/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UG4J7PD475LSCGCSHFU4GMU4TWLDSNW2/ -

03 Jul 2024, 01:59

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.6
CWE CWE-190

10 Jun 2024, 17:16

Type Values Removed Values Added
Summary
  • (es) Se descubrió un problema en uriparser hasta la versión 0.9.7. ComposeQueryEngine en UriQuery.c tiene un desbordamiento de enteros a través de claves o valores largos, con un desbordamiento de búfer resultante.
References
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R36L762D3KX3GA66OOPWW7M7KKDRXDP/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CZ6KEUQXWCTYXGTBMZDD7CHJCYI52XY3/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UG4J7PD475LSCGCSHFU4GMU4TWLDSNW2/ -

06 May 2024, 12:15

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2024/05/06/3 -

06 May 2024, 11:15

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2024/05/06/1 -

03 May 2024, 01:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-05-03 01:15

Updated : 2024-11-21 09:18


NVD link : CVE-2024-34402

Mitre link : CVE-2024-34402

CVE.ORG link : CVE-2024-34402


JSON object : View

Products Affected

No product.

CWE
CWE-190

Integer Overflow or Wraparound