An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an out-of-bounds write via a uriComposeQuery* or uriComposeQueryEx* function because the '&' character is mishandled in certain contexts.
9.8 CVSS
9.2 AI Score
0.005 EPSS
An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an integer overflow via a uriComposeQuery* or uriComposeQueryEx* function because of an unchecked multiplication.
9.8 CVSS
9.2 AI Score
0.004 EPSS
An issue was discovered in uriparser before 0.9.0. UriCommon.c allows attempted operations on NULL input via a uriResetUri* function.
7.5 CVSS
8.2 AI Score
0.002 EPSS
URI_FUNC() in UriParse.c in uriparser before 0.9.1 has an out-of-bounds read (in uriParseEx functions) for an incomplete URI with an IPv6 address containing an embedded IPv4 address, such as a "//[::44.1" address.
9.8 CVSS
9.2 AI Score
0.003 EPSS
An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriFreeUriMembers and uriMakeOwner.
5.5 CVSS
5.2 AI Score
0.001 EPSS
An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriNormalizeSyntax.
5.5 CVSS
5.2 AI Score
0.001 EPSS