Описание
An issue was discovered in uriparser through 0.9.7. ComposeQueryEngine in UriQuery.c has an integer overflow via long keys or values, with a resultant buffer overflow.
An integer overflow issue was found in Uriparser in the ComposeQueryEngine() function in UriQuery.c. This function computes the space needed for composing a query string. However, it encounters an integer overflow issue when handling large key or value lengths, potentially leading to incorrect memory allocations or operations due to malformed size calculations. This flaw allows attackers to crash the application, resulting in a denial of service.
Отчет
We do not distribute this package in RHEL 8, 9, and 10. Additionally, RHEL 7 is no longer within the scope of our supported versions.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 7 | uriparser | Out of support scope |
Показывать по
Дополнительная информация
Статус:
EPSS
5.5 Medium
CVSS3
Связанные уязвимости
An issue was discovered in uriparser through 0.9.7. ComposeQueryEngine in UriQuery.c has an integer overflow via long keys or values, with a resultant buffer overflow.
An issue was discovered in uriparser through 0.9.7. ComposeQueryEngine in UriQuery.c has an integer overflow via long keys or values, with a resultant buffer overflow.
An issue was discovered in uriparser through 0.9.7. ComposeQueryEngine ...
An issue was discovered in uriparser through 0.9.7. ComposeQueryEngine in UriQuery.c has an integer overflow via long keys or values, with a resultant buffer overflow.
EPSS
5.5 Medium
CVSS3