CVE-2024-34402

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-34402
An issue was discovered in uriparser through 0.9.7. ComposeQueryEngine in UriQuery.c has an integer overflow via long keys or values, with a resultant buffer overflow.

8.6 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 4.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
http://www.openwall.com/lists/oss-security/2024/05/06/1 Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2024/05/06/3 Mailing List Third Party Advisory
https://github.com/uriparser/uriparser/issues/183 Issue Tracking Vendor Advisory
https://github.com/uriparser/uriparser/pull/185 Issue Tracking Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R36L762D3KX3GA66OOPWW7M7KKDRXDP/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CZ6KEUQXWCTYXGTBMZDD7CHJCYI52XY3/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UG4J7PD475LSCGCSHFU4GMU4TWLDSNW2/ Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2024/05/06/1 Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2024/05/06/3 Mailing List Third Party Advisory
https://github.com/uriparser/uriparser/issues/183 Issue Tracking Vendor Advisory
https://github.com/uriparser/uriparser/pull/185 Issue Tracking Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R36L762D3KX3GA66OOPWW7M7KKDRXDP/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CZ6KEUQXWCTYXGTBMZDD7CHJCYI52XY3/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UG4J7PD475LSCGCSHFU4GMU4TWLDSNW2/ Mailing List Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:uriparser_project:uriparser:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*
History

17 Jun 2025, 15:24

Type Values Removed Values Added
First Time Fedoraproject
Fedoraproject fedora
Uriparser Project
Uriparser Project uriparser
CPE cpe:2.3:a:uriparser_project:uriparser:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*
References () http://www.openwall.com/lists/oss-security/2024/05/06/1 - () http://www.openwall.com/lists/oss-security/2024/05/06/1 - Mailing List, Third Party Advisory
References () http://www.openwall.com/lists/oss-security/2024/05/06/3 - () http://www.openwall.com/lists/oss-security/2024/05/06/3 - Mailing List, Third Party Advisory
References () https://github.com/uriparser/uriparser/issues/183 - () https://github.com/uriparser/uriparser/issues/183 - Issue Tracking, Vendor Advisory
References () https://github.com/uriparser/uriparser/pull/185 - () https://github.com/uriparser/uriparser/pull/185 - Issue Tracking, Vendor Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R36L762D3KX3GA66OOPWW7M7KKDRXDP/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R36L762D3KX3GA66OOPWW7M7KKDRXDP/ - Mailing List, Third Party Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CZ6KEUQXWCTYXGTBMZDD7CHJCYI52XY3/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CZ6KEUQXWCTYXGTBMZDD7CHJCYI52XY3/ - Mailing List, Third Party Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UG4J7PD475LSCGCSHFU4GMU4TWLDSNW2/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UG4J7PD475LSCGCSHFU4GMU4TWLDSNW2/ - Mailing List, Third Party Advisory

21 Nov 2024, 09:18

Type Values Removed Values Added
References () http://www.openwall.com/lists/oss-security/2024/05/06/1 - () http://www.openwall.com/lists/oss-security/2024/05/06/1 -
References () http://www.openwall.com/lists/oss-security/2024/05/06/3 - () http://www.openwall.com/lists/oss-security/2024/05/06/3 -
References () https://github.com/uriparser/uriparser/issues/183 - () https://github.com/uriparser/uriparser/issues/183 -
References () https://github.com/uriparser/uriparser/pull/185 - () https://github.com/uriparser/uriparser/pull/185 -
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R36L762D3KX3GA66OOPWW7M7KKDRXDP/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R36L762D3KX3GA66OOPWW7M7KKDRXDP/ -
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CZ6KEUQXWCTYXGTBMZDD7CHJCYI52XY3/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CZ6KEUQXWCTYXGTBMZDD7CHJCYI52XY3/ -
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UG4J7PD475LSCGCSHFU4GMU4TWLDSNW2/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UG4J7PD475LSCGCSHFU4GMU4TWLDSNW2/ -

03 Jul 2024, 01:59

Type Values Removed Values Added
CWE CWE-190
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 8.6

10 Jun 2024, 17:16

Type Values Removed Values Added
Summary
  • (es) Se descubrió un problema en uriparser hasta la versión 0.9.7. ComposeQueryEngine en UriQuery.c tiene un desbordamiento de enteros a través de claves o valores largos, con un desbordamiento de búfer resultante.
References
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R36L762D3KX3GA66OOPWW7M7KKDRXDP/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CZ6KEUQXWCTYXGTBMZDD7CHJCYI52XY3/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UG4J7PD475LSCGCSHFU4GMU4TWLDSNW2/ -

06 May 2024, 12:15

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2024/05/06/3 -

06 May 2024, 11:15

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2024/05/06/1 -

03 May 2024, 01:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-05-03 01:15

Updated : 2025-06-17 15:24

NVD link : CVE-2024-34402

Mitre link : CVE-2024-34402

CVE.ORG link : CVE-2024-34402

JSON object : View

Products Affected

uriparser_project

  • uriparser

fedoraproject

  • fedora
CWE
CWE-190

Integer Overflow or Wraparound