Bug 2278808 (CVE-2024-34403)

Summary: CVE-2024-34403 uriparser: integer overflow via a long string in ComposeQueryMallocExMm() in UriQuery.c
Product: [Other] Security Response Reporter: TEJ RATHI <trathi>
Component: vulnerabilityAssignee: Product Security <prodsec-ir-bot>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedKeywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: uriparser 0.9.8 Doc Type: If docs needed, set a value
Doc Text:
An integer overflow issue was found in Uriparser in the ComposeQueryMallocExMm() function in UriQuery.c. This function computes the space needed for composing a query string. However, it encounters an integer overflow issue when handling large key or value lengths, potentially leading to incorrect memory allocations or operations due to malformed size calculations. This flaw allows attackers to crash the application, resulting in a denial of service.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2278810, 2278811, 2278812, 2278813    
Bug Blocks: 2278809    

Description TEJ RATHI 2024-05-03 07:05:50 UTC 
An issue was discovered in uriparser through 0.9.7. ComposeQueryMallocExMm in UriQuery.c has an integer overflow via a long string.

https://github.com/uriparser/uriparser/issues/183
https://github.com/uriparser/uriparser/pull/186
https://github.com/uriparser/uriparser/commit/bb6b9b3f25fbafeb12dac68574d9f677b09880e3
Comment 1 TEJ RATHI 2024-05-03 07:12:26 UTC 
Created uriparser tracking bugs for this issue:

Affects: epel-8 [bug 2278810]
Affects: fedora-38 [bug 2278811]
Affects: fedora-39 [bug 2278812]
Affects: fedora-40 [bug 2278813]