Description
An issue was discovered in uriparser through 0.9.7. ComposeQueryEngine in UriQuery.c has an integer overflow via long keys or values, with a resultant buffer overflow.
References
github.com/uriparser/uriparser/pull/185
github.com/uriparser/uriparser/issues/183
www.openwall.com/lists/oss-security/2024/05/06/1 ([oss-security] 20240506 Fwd: uriparser 0.9.8 released, includes security fixes)
www.openwall.com/lists/oss-security/2024/05/06/3 ([oss-security] 20240506 Re: Fwd: uriparser 0.9.8 released, includes security fixes)
lists.fedoraproject.org/...UG4J7PD475LSCGCSHFU4GMU4TWLDSNW2/ (FEDORA-2024-40e8512956)
lists.fedoraproject.org/...5R36L762D3KX3GA66OOPWW7M7KKDRXDP/ (FEDORA-2024-a7b8b6bfe2)
lists.fedoraproject.org/...CZ6KEUQXWCTYXGTBMZDD7CHJCYI52XY3/ (FEDORA-2024-410d4ecabe)
