5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
uriparser is performing to invalid free. Lack of proper memory handling to free .hostText
memory for URIs with an IPV4 or IPV6 address host in uriMakeOwner*
and uriFreeUriMembers*
functions, causing invalid free operations.
blog.hartwork.org/posts/uriparser-096-with-security-fixes-released/
github.com/uriparser/uriparser/commit/cd6070c92f3bab157139c35ff4841054afaa67ef
github.com/uriparser/uriparser/issues/121
github.com/uriparser/uriparser/pull/124
lists.debian.org/debian-lts-announce/2022/01/msg00029.html
lists.fedoraproject.org/archives/list/[email protected]/message/MO6T7WA27H7K3WI2AXUAGPWBGK4HM65D/
lists.fedoraproject.org/archives/list/[email protected]/message/YGIJTDNEMU2V4H3JJBQVKBRHU5GBQKG2/
www.debian.org/security/2022/dsa-5063
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P