Integer Overflow in UriQuery via Long String
CVE-2024-34403

5.9MEDIUM

Key Information:

Vendor

uriparser

Status
Uriparser
Vendor
CVE Published:
3 May 2024

What is CVE-2024-34403?

An issue was discovered in uriparser through 0.9.7. ComposeQueryMallocExMm in UriQuery.c has an integer overflow via a long string.

References

https://github.com/uriparser/uriparser/issues/183
https://github.com/uriparser/uriparser/pull/186
http://www.openwall.com/lists/oss-security/2024/05/06/1
mailing-list

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.