{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-34403", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-02T02:51:11.456Z", "dateReserved": "2024-05-03T00:00:00", "datePublished": "2024-05-03T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-06-10T17:06:02.828408"}, "descriptions": [{"lang": "en", "value": "An issue was discovered in uriparser through 0.9.7. ComposeQueryMallocExMm in UriQuery.c has an integer overflow via a long string."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/uriparser/uriparser/issues/183"}, {"url": "https://github.com/uriparser/uriparser/pull/186"}, {"name": "[oss-security] 20240506 Fwd: uriparser 0.9.8 released, includes security fixes", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2024/05/06/1"}, {"name": "[oss-security] 20240506 Re: Fwd: uriparser 0.9.8 released, includes security fixes", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2024/05/06/3"}, {"name": "FEDORA-2024-40e8512956", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UG4J7PD475LSCGCSHFU4GMU4TWLDSNW2/"}, {"name": "FEDORA-2024-a7b8b6bfe2", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R36L762D3KX3GA66OOPWW7M7KKDRXDP/"}, {"name": "FEDORA-2024-410d4ecabe", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CZ6KEUQXWCTYXGTBMZDD7CHJCYI52XY3/"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-34403", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-06T15:57:28.670658Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:uriparser_project:uriparser:0.9.7:*:*:*:*:*:*:*"], "vendor": "uriparser_project", "product": "uriparser", "versions": [{"status": "affected", "version": "0.9.7"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-190", "description": "CWE-190 Integer Overflow or Wraparound"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:41:03.030Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T02:51:11.456Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/uriparser/uriparser/issues/183", "tags": ["x_transferred"]}, {"url": "https://github.com/uriparser/uriparser/pull/186", "tags": ["x_transferred"]}, {"name": "[oss-security] 20240506 Fwd: uriparser 0.9.8 released, includes security fixes", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2024/05/06/1"}, {"name": "[oss-security] 20240506 Re: Fwd: uriparser 0.9.8 released, includes security fixes", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2024/05/06/3"}, {"name": "FEDORA-2024-40e8512956", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UG4J7PD475LSCGCSHFU4GMU4TWLDSNW2/"}, {"name": "FEDORA-2024-a7b8b6bfe2", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R36L762D3KX3GA66OOPWW7M7KKDRXDP/"}, {"name": "FEDORA-2024-410d4ecabe", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CZ6KEUQXWCTYXGTBMZDD7CHJCYI52XY3/"}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/uriparser/uriparser/issues/183", "tags": ["x_transferred"]}, {"url": "https://github.com/uriparser/uriparser/pull/186", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/05/06/1", "name": "[oss-security] 20240506 Fwd: uriparser 0.9.8 released, includes security fixes", "tags": ["mailing-list", "x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/05/06/3", "name": "[oss-security] 20240506 Re: Fwd: uriparser 0.9.8 released, includes security fixes", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UG4J7PD475LSCGCSHFU4GMU4TWLDSNW2/", "name": "FEDORA-2024-40e8512956", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R36L762D3KX3GA66OOPWW7M7KKDRXDP/", "name": "FEDORA-2024-a7b8b6bfe2", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CZ6KEUQXWCTYXGTBMZDD7CHJCYI52XY3/", "name": "FEDORA-2024-410d4ecabe", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T02:51:11.456Z"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-34403", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-06T15:57:28.670658Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:uriparser_project:uriparser:0.9.7:*:*:*:*:*:*:*"], "vendor": "uriparser_project", "product": "uriparser", "versions": [{"status": "affected", "version": "0.9.7"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-190", "description": "CWE-190 Integer Overflow or Wraparound"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-06T15:57:10.344Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/uriparser/uriparser/issues/183"}, {"url": "https://github.com/uriparser/uriparser/pull/186"}, {"url": "http://www.openwall.com/lists/oss-security/2024/05/06/1", "name": "[oss-security] 20240506 Fwd: uriparser 0.9.8 released, includes security fixes", "tags": ["mailing-list"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/05/06/3", "name": "[oss-security] 20240506 Re: Fwd: uriparser 0.9.8 released, includes security fixes", "tags": ["mailing-list"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UG4J7PD475LSCGCSHFU4GMU4TWLDSNW2/", "name": "FEDORA-2024-40e8512956", "tags": ["vendor-advisory"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R36L762D3KX3GA66OOPWW7M7KKDRXDP/", "name": "FEDORA-2024-a7b8b6bfe2", "tags": ["vendor-advisory"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CZ6KEUQXWCTYXGTBMZDD7CHJCYI52XY3/", "name": "FEDORA-2024-410d4ecabe", "tags": ["vendor-advisory"]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in uriparser through 0.9.7. ComposeQueryMallocExMm in UriQuery.c has an integer overflow via a long string."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-06-10T17:06:02.828408"}}}, "cveMetadata": {"cveId": "CVE-2024-34403", "state": "PUBLISHED", "dateUpdated": "2024-08-02T02:51:11.456Z", "dateReserved": "2024-05-03T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2024-05-03T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "An issue was discovered in uriparser through 0.9.7. ComposeQueryMallocExMm in UriQuery.c has an integer overflow via a long string."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en uriparser hasta la versi\u00f3n 0.9.7. ComposeQueryMallocExMm en UriQuery.c tiene un desbordamiento de enteros a trav\u00e9s de una cadena larga."}], "id": "CVE-2024-34403", "lastModified": "2024-11-21T09:18:35.980", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-05-03T01:15:48.693", "references": [{"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2024/05/06/1"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2024/05/06/3"}, {"source": "cve@mitre.org", "url": "https://github.com/uriparser/uriparser/issues/183"}, {"source": "cve@mitre.org", "url": "https://github.com/uriparser/uriparser/pull/186"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R36L762D3KX3GA66OOPWW7M7KKDRXDP/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CZ6KEUQXWCTYXGTBMZDD7CHJCYI52XY3/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UG4J7PD475LSCGCSHFU4GMU4TWLDSNW2/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2024/05/06/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2024/05/06/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/uriparser/uriparser/issues/183"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/uriparser/uriparser/pull/186"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R36L762D3KX3GA66OOPWW7M7KKDRXDP/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CZ6KEUQXWCTYXGTBMZDD7CHJCYI52XY3/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UG4J7PD475LSCGCSHFU4GMU4TWLDSNW2/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "uriparser: integer overflow via a long string in ComposeQueryMallocExMm() in UriQuery.c", "id": "2278808", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278808"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-190", "details": ["An issue was discovered in uriparser through 0.9.7. ComposeQueryMallocExMm in UriQuery.c has an integer overflow via a long string.", "An integer overflow issue was found in Uriparser in the ComposeQueryMallocExMm() function in UriQuery.c. This function computes the space needed for composing a query string. However, it encounters an integer overflow issue when handling large key or value lengths, potentially leading to incorrect memory allocations or operations due to malformed size calculations. This flaw allows attackers to crash the application, resulting in a denial of service."], "name": "CVE-2024-34403", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "uriparser", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2024-05-03T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-34403\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-34403"], "statement": "We do not distribute this package in RHEL 8, 9, and 10. Additionally, RHEL 7 is no longer within the scope of our supported versions.", "threat_severity": "Moderate"}