9 matches found
CVE-2018-19198
CVE-2018-19198 (uriparser) is an out-of-bounds write vulnerability in UriQuery.c triggered by mishandling the '&' character in certain contexts, affecting uriparser up to version 0.9.0. The issue is fixed in uriparser 0.9.0 and later (see multiple advisories: USNs/EULAs and vendor advisories refe...
CVE-2018-19199
CVE-2018-19199 affects uriparser before 0.9.0. UriQuery.c allows an integer overflow via uriComposeQuery* or uriComposeQueryEx* due to an unchecked multiplication; CVE-2018-19198 covers an out-of-bounds write via the same functions because of mishandling of '&'. Multiple advisories (Ubuntu USN-51...
CVE-2018-19200
CVE-2018-19200 affects the uriparser library prior to 0.9.0. The vulnerability arises from UriCommon.c handling NULL input, allowing an operation on NULL input via a uriResetUri* function. Public advisories indicate this has been fixed in uriparser 0.9.0 and related security updates across severa...
CVE-2018-20721
CVE-2018-20721 affects uriparser prior to 0.9.1, where URI_FUNC() in UriParse.c and the uriParseEx routines mishandle an incomplete IPv6 URI containing an embedded IPv4 address (example: //[::44.1). This triggers an out-of-bounds read in the parsing flow. The description indicates the issue is in...
CVE-2021-46141
CVE-2021-46141 affects uriparser prior to 0.9.6, with invalid free operations in uriFreeUriMembers and uriMakeOwner. Multiple advisories (Debian, Fedora, ALAS) indicate potential DoS or arbitrary code execution, mitigated by upgrading to 0.9.6 or later; some advisories specify version updates (e....
CVE-2021-46142
The CVE concerns uriparser before 0.9.6, which performs invalid free operations in uriNormalizeSyntax. Connected advisories confirm this affects uriparser across multiple distributions and versions, with fixes provided in version 0.9.6 and later. Impact noted in Debian advisories includes potenti...
CVE-2026-42371
CVE-2026-42371 affects uriparser prior to 1.0.1. The issue is a numeric truncation in text range comparison when parsing extremely long URIs (potentially gigabytes long). Impact: availability could be affected. Exploitation details are not provided in the sources. Mitigation: upgrade to uriparser...
CVE-2026-44927
Affected software: uriparser prior to 1.0.2. Issue: pointer difference truncation to int in multiple locations, as described in CVE-2026-44927 and corroborated by PT-2026-38681. Potential impact: memory calculation/size-related issues; explicit exploit details are not provided in the documents. R...
CVE-2026-44928
CVE-2026-44928 affects uriparser prior to 1.0.2. The EqualsUri function can misclassify two unequal URIs as equal, per EUVD-2026-28537 and PT-2026-38682. A remediation is to update to version 1.0.2 or later; PT-2026-38682 also recommends restricting EqualsUri usage as a temporary workaround. No e...