Lucene search
K
Uriparser ProjectUriparser

11 matches found

CVE
CVE
added 2018/11/12 3:0 p.m.172 views

CVE-2018-19198

CVE-2018-19198 (uriparser) is an out-of-bounds write vulnerability in UriQuery.c triggered by mishandling the '&' character in certain contexts, affecting uriparser up to version 0.9.0. The issue is fixed in uriparser 0.9.0 and later (see multiple advisories: USNs/EULAs and vendor advisories refe...

9.8CVSS9.2AI score0.02367EPSS
CVE
CVE
added 2018/11/12 3:0 p.m.148 views

CVE-2018-19199

CVE-2018-19199 affects uriparser before 0.9.0. UriQuery.c allows an integer overflow via uriComposeQuery* or uriComposeQueryEx* due to an unchecked multiplication; CVE-2018-19198 covers an out-of-bounds write via the same functions because of mishandling of '&'. Multiple advisories (Ubuntu USN-51...

9.8CVSS9.2AI score0.02338EPSS
CVE
CVE
added 2019/01/16 2:0 p.m.147 views

CVE-2018-20721

CVE-2018-20721 affects uriparser prior to 0.9.1, where URI_FUNC() in UriParse.c and the uriParseEx routines mishandle an incomplete IPv6 URI containing an embedded IPv4 address (example: //[::44.1). This triggers an out-of-bounds read in the parsing flow. The description indicates the issue is in...

9.8CVSS9.2AI score0.0205EPSS
CVE
CVE
added 2022/01/06 3:48 a.m.146 views

CVE-2021-46141

CVE-2021-46141 affects uriparser prior to 0.9.6, with invalid free operations in uriFreeUriMembers and uriMakeOwner. Multiple advisories (Debian, Fedora, ALAS) indicate potential DoS or arbitrary code execution, mitigated by upgrading to 0.9.6 or later; some advisories specify version updates (e....

5.5CVSS5.2AI score0.01131EPSS
CVE
CVE
added 2018/11/12 3:0 p.m.143 views

CVE-2018-19200

CVE-2018-19200 affects the uriparser library prior to 0.9.0. The vulnerability arises from UriCommon.c handling NULL input, allowing an operation on NULL input via a uriResetUri* function. Public advisories indicate this has been fixed in uriparser 0.9.0 and related security updates across severa...

7.5CVSS8.2AI score0.02484EPSS
CVE
CVE
added 2022/01/06 3:48 a.m.143 views

CVE-2021-46142

The CVE concerns uriparser before 0.9.6, which performs invalid free operations in uriNormalizeSyntax. Connected advisories confirm this affects uriparser across multiple distributions and versions, with fixes provided in version 0.9.6 and later. Impact noted in Debian advisories includes potenti...

5.5CVSS5.2AI score0.01095EPSS
CVE
CVE
added 2024/05/03 12:0 a.m.96 views

CVE-2024-34402

CVE-2024-34402 affects uriparser up to 0.9.7. UriQuery.c ComposeQueryEngine has an integer overflow on long keys/values, causing a buffer overflow. Connected advisories show multiple Linux distributions releasing updates/packages to fix uriparser (e.g., patches moving to newer uriparser versions)...

8.6CVSS6.9AI score0.01233EPSS
CVE
CVE
added 2026/04/27 5:50 a.m.92 views

CVE-2026-42371

CVE-2026-42371 affects uriparser prior to 1.0.1. The issue is a numeric truncation in text range comparison when parsing extremely long URIs (potentially gigabytes long). Impact: availability could be affected. Exploitation details are not provided in the sources. Mitigation: upgrade to uriparser...

5.1CVSS5.2AI score0.00172EPSS
CVE
CVE
added 2024/05/03 12:0 a.m.88 views

CVE-2024-34403

CVE-2024-34403 affects uriparser (through 0.9.7). The vulnerability is an integer overflow in ComposeQueryMallocExMm in UriQuery.c triggered by a long string, potentially causing memory corruption or denial of service as described in multiple advisories. Affected packages include uriparser versio...

5.9CVSS6.6AI score0.01316EPSS
CVE
CVE
added 2026/05/08 7:13 a.m.32 views

CVE-2026-44927

Affected software: uriparser prior to 1.0.2. Issue: pointer difference truncation to int in multiple locations, as described in CVE-2026-44927 and corroborated by PT-2026-38681. Potential impact: memory calculation/size-related issues; explicit exploit details are not provided in the documents. R...

5.3CVSS5.8AI score0.00211EPSS
CVE
CVE
added 2026/05/08 7:15 a.m.30 views

CVE-2026-44928

CVE-2026-44928 affects uriparser prior to 1.0.2. The EqualsUri function can misclassify two unequal URIs as equal, per EUVD-2026-28537 and PT-2026-38682. A remediation is to update to version 1.0.2 or later; PT-2026-38682 also recommends restricting EqualsUri usage as a temporary workaround. No e...

5.3CVSS5.8AI score0.00211EPSS