Fluid Attacks Database

Description

An issue was discovered in uriparser through 0.9.7. ComposeQueryEngine in UriQuery.c has an integer overflow via long keys or values, with a resultant buffer overflow.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 13	uriparser	>=0 <0.9.8+dfsg-1	0.9.8+dfsg-1
debian 14	uriparser	>=0 <0.9.8+dfsg-1	0.9.8+dfsg-1
debian 11	uriparser	=0.9.4+dfsg-1 \|\| =0.9.4+dfsg-1+deb11u1 \|\| =0.9.5+dfsg-1 \|\| =0.9.5+dfsg-2 \|\| =0.9.6+dfsg-1 \|\| =0.9.7+dfsg-1 \|\| =0.9.7+dfsg-2 \|\| =0.9.8+dfsg-1 \|\| =0.9.8+dfsg-2	-
debian 12	uriparser	=0.9.7+dfsg-2 \|\| =0.9.8+dfsg-1 \|\| =0.9.8+dfsg-2	-
rpm rhel7	uriparser	-	-

Aliases

1. CVE-2024-344022. NVD-2024-344023. OSV-DEBIAN-2024-344024. OSV-2024-344025. SECURITY-TRACKER-CVE-2024-34402

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.