11 matches found
CVE-2018-19198
CVE-2018-19198 (uriparser) is an out-of-bounds write vulnerability in UriQuery.c triggered by mishandling the '&' character in certain contexts, affecting uriparser up to version 0.9.0. The issue is fixed in uriparser 0.9.0 and later (see multiple advisories: USNs/EULAs and vendor advisories refe...
CVE-2018-19199
CVE-2018-19199 affects uriparser before 0.9.0. UriQuery.c allows an integer overflow via uriComposeQuery* or uriComposeQueryEx* due to an unchecked multiplication; CVE-2018-19198 covers an out-of-bounds write via the same functions because of mishandling of '&'. Multiple advisories (Ubuntu USN-51...
CVE-2018-20721
CVE-2018-20721 affects uriparser prior to 0.9.1, where URI_FUNC() in UriParse.c and the uriParseEx routines mishandle an incomplete IPv6 URI containing an embedded IPv4 address (example: //[::44.1). This triggers an out-of-bounds read in the parsing flow. The description indicates the issue is in...
CVE-2021-46141
CVE-2021-46141 affects uriparser prior to 0.9.6, with invalid free operations in uriFreeUriMembers and uriMakeOwner. Multiple advisories (Debian, Fedora, ALAS) indicate potential DoS or arbitrary code execution, mitigated by upgrading to 0.9.6 or later; some advisories specify version updates (e....
CVE-2018-19200
CVE-2018-19200 affects the uriparser library prior to 0.9.0. The vulnerability arises from UriCommon.c handling NULL input, allowing an operation on NULL input via a uriResetUri* function. Public advisories indicate this has been fixed in uriparser 0.9.0 and related security updates across severa...
CVE-2021-46142
The CVE concerns uriparser before 0.9.6, which performs invalid free operations in uriNormalizeSyntax. Connected advisories confirm this affects uriparser across multiple distributions and versions, with fixes provided in version 0.9.6 and later. Impact noted in Debian advisories includes potenti...
CVE-2024-34402
CVE-2024-34402 affects uriparser up to 0.9.7. UriQuery.c ComposeQueryEngine has an integer overflow on long keys/values, causing a buffer overflow. Connected advisories show multiple Linux distributions releasing updates/packages to fix uriparser (e.g., patches moving to newer uriparser versions)...
CVE-2026-42371
CVE-2026-42371 affects uriparser prior to 1.0.1. The issue is a numeric truncation in text range comparison when parsing extremely long URIs (potentially gigabytes long). Impact: availability could be affected. Exploitation details are not provided in the sources. Mitigation: upgrade to uriparser...
CVE-2024-34403
CVE-2024-34403 affects uriparser (through 0.9.7). The vulnerability is an integer overflow in ComposeQueryMallocExMm in UriQuery.c triggered by a long string, potentially causing memory corruption or denial of service as described in multiple advisories. Affected packages include uriparser versio...
CVE-2026-44927
Affected software: uriparser prior to 1.0.2. Issue: pointer difference truncation to int in multiple locations, as described in CVE-2026-44927 and corroborated by PT-2026-38681. Potential impact: memory calculation/size-related issues; explicit exploit details are not provided in the documents. R...
CVE-2026-44928
CVE-2026-44928 affects uriparser prior to 1.0.2. The EqualsUri function can misclassify two unequal URIs as equal, per EUVD-2026-28537 and PT-2026-38682. A remediation is to update to version 1.0.2 or later; PT-2026-38682 also recommends restricting EqualsUri usage as a temporary workaround. No e...