{
  "threat_severity" : "Moderate",
  "public_date" : "2024-05-03T00:00:00Z",
  "bugzilla" : {
    "description" : "uriparser: integer overflow via a long string in ComposeQueryMallocExMm() in UriQuery.c",
    "id" : "2278808",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2278808"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
    "status" : "draft"
  },
  "cwe" : "CWE-190",
  "details" : [ "An issue was discovered in uriparser through 0.9.7. ComposeQueryMallocExMm in UriQuery.c has an integer overflow via a long string.", "An integer overflow issue was found in Uriparser in the ComposeQueryMallocExMm() function in UriQuery.c. This function computes the space needed for composing a query string. However, it encounters an integer overflow issue when handling large key or value lengths, potentially leading to incorrect memory allocations or operations due to malformed size calculations. This flaw allows attackers to crash the application, resulting in a denial of service." ],
  "statement" : "We do not distribute this package in RHEL 8, 9, and 10. Additionally, RHEL 7 is no longer within the scope of our supported versions.",
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "uriparser",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-34403\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-34403" ],
  "name" : "CVE-2024-34403",
  "csaw" : false
}