CVE-2024-34403 — Integer Overflow or Wraparound in Project Uriparser

CWE-190 — Integer Overflow or Wraparound9 documents8 sources

Severity

5.9MEDIUMNVD

OSV8.6

EPSS

0.4%

top 42.32%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Uriparser Project Uriparser Fedoraproject Fedora

Timeline

PublishedMay 3

Latest updateMar 19

Description

An issue was discovered in uriparser through 0.9.7. ComposeQueryMallocExMm in UriQuery.c has an integer overflow via a long string.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.2 | Impact: 3.6

Affected Packages3 packages

▶Debianuriparser_project/uriparser< 0.9.8+dfsg-1+1

▶Ubuntuuriparser_project/uriparser< 0.7.5-1ubuntu2+esm4+5

▶NVDuriparser_project/uriparser0.9.7

Also affects: Fedora 38, 39, 40

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

uriparser vulnerabilities↗2025-03-19

▶

OSV

CVE-2024-34403: An issue was discovered in uriparser through 0↗2024-05-03

▶

GHSA

GHSA-c6h3-4727-9w7w: An issue was discovered in uriparser through 0↗2024-05-03

▶

CVEList

CVE-2024-34403: An issue was discovered in uriparser through 0↗2024-05-03

▶

📋Vendor Advisories

Ubuntu

uriparser vulnerabilities↗2025-03-19

▶

Microsoft

An issue was discovered in uriparser through 0.9.7. ComposeQueryMallocExMm in UriQuery.c has an integer overflow via a long string.↗2024-05-14

▶

Red Hat

uriparser: integer overflow via a long string in ComposeQueryMallocExMm() in UriQuery.c↗2024-05-03

▶

Debian

CVE-2024-34403: uriparser - An issue was discovered in uriparser through 0.9.7. ComposeQueryMallocExMm in Ur...↗2024

▶