CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
AI Score
Confidence
High
EPSS
Percentile
10.3%
An integer overflow issue was found in Uriparser in the ComposeQueryEngine() function in UriQuery.c. This function computes the space needed for composing a query string. However, it encounters an integer overflow issue when handling large key or value lengths, potentially leading to incorrect memory allocations or operations due to malformed size calculations. This flaw allows attackers to crash the application, resulting in a denial of service.