Bug 2278807 (CVE-2024-34402)

Summary: CVE-2024-34402 uriparser: integer overflow via long keys or values in ComposeQueryEngine() in UriQuery.c
Product: [Other] Security Response
Reporter: TEJ RATHI <trathi>
Component: vulnerability
Assignee: Product Security <prodsec-ir-bot>
Status: NEW
Severity: medium
Priority: medium
Version: unspecified
Keywords: Security
Hardware: All   
OS: Linux   
Fixed In Version: uriparser 0.9.8
Doc Text:
An integer overflow issue was found in Uriparser in the ComposeQueryEngine() function in UriQuery.c. This function computes the space needed for composing a query string. However, it encounters an integer overflow issue when handling large key or value lengths, potentially leading to incorrect memory allocations or operations due to malformed size calculations. This flaw allows attackers to crash the application, resulting in a denial of service.
Bug Depends On: 2278810, 2278811, 2278812, 2278813    
Bug Blocks: 2278809    

Description TEJ RATHI 2024-05-03 07:05:48 UTC
An issue was discovered in uriparser through 0.9.7. ComposeQueryEngine in UriQuery.c has an integer overflow via long keys or values, with a resultant buffer overflow.

https://github.com/uriparser/uriparser/issues/183
https://github.com/uriparser/uriparser/pull/185
https://github.com/uriparser/uriparser/commit/760ade2947415dbb100053cf793c2f96fe257386
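
The size-calculation overflow that the Doc Text describes, as an added C example that is not uriparser's code and not part of the original report. The expansion factor `WORST_CASE`, the `struct pair` layout and both function names are assumptions chosen for illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: one input char expands to at most WORST_CASE output chars
 * (a "%XX" escape). Illustrative constant, not taken from uriparser. */
#define WORST_CASE 3

struct pair { size_t key_len, value_len; }; /* hypothetical: lengths only */

/* Unchecked model of the flaw: 32-bit arithmetic that silently wraps.
 * uint32_t keeps the wraparound well defined; with int it is undefined. */
uint32_t required_unchecked(const struct pair *p, size_t n) {
    uint32_t total = 0;
    for (size_t i = 0; i < n; i++) {
        total += (uint32_t)p[i].key_len * WORST_CASE + 1;   /* key + '=' */
        total += (uint32_t)p[i].value_len * WORST_CASE + 1; /* value + '&' or NUL */
    }
    return total;
}

/* Checked form: 0 and *out on success, -1 if the total would pass INT_MAX. */
int required_checked(const struct pair *p, size_t n, int *out) {
    int total = 0;
    for (size_t i = 0; i < n; i++) {
        const size_t lens[2] = { p[i].key_len, p[i].value_len };
        for (int j = 0; j < 2; j++) {
            int room = INT_MAX - total; /* never negative */
            /* Divide instead of multiplying so the test itself cannot overflow. */
            if (room < 1 || lens[j] > (size_t)(room - 1) / WORST_CASE)
                return -1;
            total += (int)lens[j] * WORST_CASE + 1;
        }
    }
    *out = total;
    return 0;
}

int main(void) {
    /* Constructed input: 3 * 0x55555556 = 2^32 + 2, which wraps to 2. */
    struct pair huge = { 0x55555556u, 0 };
    int need = 0;
    printf("unchecked: %u bytes\n", (unsigned)required_unchecked(&huge, 1));
    printf("checked:   %d\n", required_checked(&huge, 1, &need));
    return 0;
}
```

A buffer sized from the wrapped result would be far smaller than the composed query string, which is how a size miscalculation turns into the memory-safety problem the report describes.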

Comment 1 TEJ RATHI 2024-05-03 07:12:35 UTC
Created uriparser tracking bugs for this issue:

Affects: epel-8 [bug 2278810]
Affects: fedora-38 [bug 2278811]
Affects: fedora-39 [bug 2278812]
Affects: fedora-40 [bug 2278813]