Lucene search

[email protected]NVD:CVE-2024-34403

HistoryMay 03, 2024 - 1:15 a.m.

CVE-2024-34403

2024-05-0301:15:48

CWE-190

[email protected]

web.nvd.nist.gov

uriparser

integer overflow

cve-2024-34403

uriquery.c

composequerymallocexmm

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.5

Confidence

High

EPSS

Percentile

10.3%

JSON

An issue was discovered in uriparser through 0.9.7. ComposeQueryMallocExMm in UriQuery.c has an integer overflow via a long string.

References

www.openwall.com/lists/oss-security/2024/05/06/1

www.openwall.com/lists/oss-security/2024/05/06/3

github.com/uriparser/uriparser/issues/183

github.com/uriparser/uriparser/pull/186

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R36L762D3KX3GA66OOPWW7M7KKDRXDP/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CZ6KEUQXWCTYXGTBMZDD7CHJCYI52XY3/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UG4J7PD475LSCGCSHFU4GMU4TWLDSNW2/

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.5

Confidence

High

EPSS

Percentile

10.3%

JSON

Related for NVD:CVE-2024-34403

debiancve1 cvelist1 ubuntucve1 redhatcve1 osv1 alpinelinux1 veracode1 cve1 vulnrichment1 openvas4 fedora3 amazon1 nessus6 photon1