Assigner | mitre |
Reserved | 2024-05-03 |
Published | 2024-05-03 |
Updated | 2024-06-10 |
Description
An issue was discovered in uriparser through 0.9.7. ComposeQueryMallocExMm in UriQuery.c has an integer overflow via a long string.
References
https://github.com/uriparser/uriparser/issues/183
https://github.com/uriparser/uriparser/pull/186
http://www.openwall.com/lists/oss-security/2024/05/06/1 ([oss-security] 20240506 Fwd: uriparser 0.9.8 released, includes security fixes)
http://www.openwall.com/lists/oss-security/2024/05/06/3 ([oss-security] 20240506 Re: Fwd: uriparser 0.9.8 released, includes security fixes)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UG4J7PD475LSCGCSHFU4GMU4TWLDSNW2/ (FEDORA-2024-40e8512956)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R36L762D3KX3GA66OOPWW7M7KKDRXDP/ (FEDORA-2024-a7b8b6bfe2)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CZ6KEUQXWCTYXGTBMZDD7CHJCYI52XY3/ (FEDORA-2024-410d4ecabe)