{"id":"CVE-2024-34403","details":"An issue was discovered in uriparser through 0.9.7. ComposeQueryMallocExMm in UriQuery.c has an integer overflow via a long string.","modified":"2026-04-02T11:28:12.674486Z","published":"2024-05-03T01:15:48.693Z","related":["SUSE-SU-2024:1860-1","openSUSE-SU-2024:13957-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5R36L762D3KX3GA66OOPWW7M7KKDRXDP/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CZ6KEUQXWCTYXGTBMZDD7CHJCYI52XY3/"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UG4J7PD475LSCGCSHFU4GMU4TWLDSNW2/"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2024/05/06/1"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2024/05/06/3"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R36L762D3KX3GA66OOPWW7M7KKDRXDP/"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CZ6KEUQXWCTYXGTBMZDD7CHJCYI52XY3/"},{"type":"REPORT","url":"https://github.com/uriparser/uriparser/issues/183"},{"type":"FIX","url":"https://github.com/uriparser/uriparser/pull/186"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/uriparser/uriparser","events":[{"introduced":"0"},{"last_affected":"634b678fa858abf1d1ebc0634e96e9e29596e92a"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.9.7"}]}}],"versions":["uriparser-0.3.0","uriparser-0.3.1","uriparser-0.3.2","uriparser-0.3.3","uriparser-0.3.4","uriparser-0.4.0","uriparser-0.5.0","uriparser-0.5.1","uriparser-0.5.2","uriparser-0.6.0","uriparser-0.6.1","uriparser-0.6.2","uriparser-0.6.3","uriparser-0.6.4","uriparser-0.7.0","uriparser-0.7.1","uriparser-0.7.2","uriparser-0.7.3","uriparser-0.7.4","uriparser-0.7.5","uriparser-0.7.6","uriparser-0.7.7","uriparser-0.7.8","uriparser-0.7.9","uriparser-0.8.0","uriparser-0.8.0.1","uriparser-0.8.1","uriparser-0.8.2","uriparser-0.8.3","uriparser-0.8.4","uriparser-0.8.5","uriparser-0.8.6","uriparser-0.9.0","uriparser-0.9.1","uriparser-0.9.2","uriparser-0.9.3","uriparser-0.9.4","uriparser-0.9.5","uriparser-0.9.6","uriparser-0.9.7"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"38"}]},{"events":[{"introduced":"0"},{"last_affected":"39"}]},{"events":[{"introduced":"0"},{"last_affected":"40"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-34403.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}