Lucene search

K

MitreVULNRICHMENT:CVE-2024-34403

HistoryMay 03, 2024 - 12:00 a.m.

CVE-2024-34403

2024-05-0300:00:00

mitre

github.com

5

uriparser

integer overflow

cve-2024-34403

composequerymallocexmm

long string

AI Score

7

Confidence

High

EPSS

0

Percentile

10.3%

SSVC

Exploitation

none

Automatable

no

Technical Impact

partial

An issue was discovered in uriparser through 0.9.7. ComposeQueryMallocExMm in UriQuery.c has an integer overflow via a long string.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:uriparser_project:uriparser:0.9.7:*:*:*:*:*:*:*"
    ],
    "vendor": "uriparser_project",
    "product": "uriparser",
    "versions": [
      {
        "status": "affected",
        "version": "0.9.7"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

www.openwall.com/lists/oss-security/2024/05/06/1

www.openwall.com/lists/oss-security/2024/05/06/3

github.com/uriparser/uriparser/issues/183

github.com/uriparser/uriparser/pull/186

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R36L762D3KX3GA66OOPWW7M7KKDRXDP/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CZ6KEUQXWCTYXGTBMZDD7CHJCYI52XY3/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UG4J7PD475LSCGCSHFU4GMU4TWLDSNW2/

AI Score

7

Confidence

High

EPSS

0

Percentile

10.3%

SSVC

Exploitation

none

Automatable

no

Technical Impact

partial

Related for VULNRICHMENT:CVE-2024-34403

debiancve1 cvelist1 ubuntucve1 redhatcve1 osv1 alpinelinux1 nvd1 veracode1 cve1 openvas4 fedora3 amazon1 nessus6 photon1