PT-2024-3891 · Uriparser+6

Hartwork · Published 2024-04-21 · Updated 2025-08-27 · CVE-2024-34403

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: uriparser versions 0.9.7 and earlier
Description: The issue is related to an integer overflow in the ComposeQueryMallocExMm function in UriQuery.c, which can be triggered by a long string. This can potentially allow a remote attacker to execute arbitrary code.
Recommendations: For uriparser versions 0.9.7 and earlier, consider applying a patch or update when available to fix the integer overflow issue in the ComposeQueryMallocExMm function. As a temporary workaround, consider restricting input to prevent long strings from being processed by the ComposeQueryMallocExMm function until a patch is available.

Fix

Integer Overflow

Weakness Enumeration

Related Identifiers

AZL-43221
AZL-43228
BDU:2024-04296
CVE-2024-34403
ECHO-EE82-100A-75FE
OESA-2024-1534
OESA-2024-1627
OPENSUSE-SU-2024:13957-1
OPENSUSE-SU-2024_1860-1
SUSE-SU-2024:1860-1
USN-7356-1

Affected Products

Astra Linux
Debian
Linux Mint
RED OS
SUSE
Ubuntu
Uriparser