PT-2018-3384 · Uriparser+5 · Uriparser+5

Publicado

2018-11-04

Atualizado

2024-06-15

CVE-2018-19198

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: uriparser versions prior to 0.9.0

Description: The issue is related to the uriComposeQuery function in the Uriparser, which allows an out-of-bounds write due to the mishandling of the '&' character in certain contexts. This can potentially lead to unauthorized access to information and disruption of its integrity and availability.

Recommendations: For versions prior to 0.9.0, update to version 0.9.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of the uriComposeQuery function until a patch is available. Avoid using the uriComposeQuery or uriComposeQueryEx functions in contexts where the '&' character is mishandled to minimize the risk of exploitation.

Correção

Memory Corruption

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-787

Identificadores relacionados

ALT-PU-2018-2592

BDU:2020-00731

CESA-2019_2280

CVE-2018-19198

DLA-1581-1

OPENSUSE-SU-2019:0165-1

OPENSUSE-SU-2019:0171-1

OPENSUSE-SU-2019_0165-1

OPENSUSE-SU-2024:11488-1

RHSA-2019:2280

RHSA-2019_2280

SUSE-SU-2019:0228-1

SUSE-SU-2019_0228-1

USN-5172-1

USN-5172-2

Produtos afetados

Alt Linux

Centos

Red Hat

Suse

Ubuntu

Uriparser

PT-2018-3384 · Uriparser+5 · Uriparser+5

CVE-2018-19198

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 35