All errata/sisyphus/ALT-PU-2024-18327-1
ALT-PU-2024-18327-1

Package update liburiparser in branch sisyphus

Version0.9.8-alt1
Task#363920
Published2024-12-05
Max severityCRITICAL
Severity:

Closed issues (4)

BDU:2024-04296
CRITICAL9.8

Уязвимость функции ComposeQueryMallocExMm() (riQuery.c) парсера Uriparser, позволяющая нарушителю выполнить произвольный код

Published: 2024-06-03Modified: 2025-09-30
CVSS 3.xCRITICAL 9.8
CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.0CRITICAL 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
References
BDU:2024-05019
HIGH8.6

Уязвимость функции ComposeQueryEngine (UriQuery.c) библиотеки синтаксического анализа и обработки URI uriparser, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании

Published: 2024-07-05Modified: 2025-07-24
CVSS 3.xHIGH 8.6
CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
CVSS 2.0CRITICAL 9.0
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:C
References
CVE-2024-34402
HIGH8.6

An issue was discovered in uriparser through 0.9.7. ComposeQueryEngine in UriQuery.c has an integer overflow via long keys or values, with a resultant buffer overflow.

Published: 2024-05-03Modified: 2025-11-04
CVSS 3.xHIGH 8.6
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
References
CVE-2024-34403
MEDIUM5.9

An issue was discovered in uriparser through 0.9.7. ComposeQueryMallocExMm in UriQuery.c has an integer overflow via a long string.

Published: 2024-05-03Modified: 2025-11-04
CVSS 3.xMEDIUM 5.9
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
References