CVE-2024-34402 — Integer Overflow or Wraparound in Project Uriparser

CWE-190 — Integer Overflow or Wraparound CWE-120 — Classic Buffer Overflow10 documents9 sources

Severity

8.6HIGHNVD

EPSS

0.5%

top 35.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Uriparser Project Uriparser Fedoraproject Fedora

Timeline

PublishedMay 3

Latest updateMar 19

Description

An issue was discovered in uriparser through 0.9.7. ComposeQueryEngine in UriQuery.c has an integer overflow via long keys or values, with a resultant buffer overflow.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:HExploitability: 3.9 | Impact: 4.7

Affected Packages3 packages

▶Debianuriparser_project/uriparser< 0.9.8+dfsg-1+1

▶Ubuntuuriparser_project/uriparser< 0.7.5-1ubuntu2+esm4+5

▶NVDuriparser_project/uriparser0.9.7

Also affects: Fedora 38, 39, 40

🔴Vulnerability Details

OSV

uriparser vulnerabilities↗2025-03-19

▶

OSV

CVE-2024-34402: An issue was discovered in uriparser through 0↗2024-05-03

▶

CVEList

CVE-2024-34402: An issue was discovered in uriparser through 0↗2024-05-03

▶

GHSA

GHSA-hwpw-xpj3-c397: An issue was discovered in uriparser through 0↗2024-05-03

▶

📋Vendor Advisories

Ubuntu

uriparser vulnerabilities↗2025-03-19

▶

Microsoft

An issue was discovered in uriparser through 0.9.7. ComposeQueryEngine in UriQuery.c has an integer overflow via long keys or values, with a resultant buffer overflow.↗2024-05-14

▶

Red Hat

uriparser: integer overflow via long keys or values in ComposeQueryEngine() in UriQuery.c↗2024-05-03

▶

Debian

CVE-2024-34402: uriparser - An issue was discovered in uriparser through 0.9.7. ComposeQueryEngine in UriQue...↗2024

▶