PT-2019-6391 · Uriparser+3 · Uriparser+3

Joergen Ibsen

Publicado

2019-01-02

Atualizado

2024-06-15

CVE-2018-20721

CVSS v2.0

Crítica

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions uriparser versions prior to 0.9.1

Description The issue is related to an out-of-bounds read in the URI FUNC() function within the UriParse.c component of the uriparser. This occurs when parsing an incomplete URI that contains an IPv6 address with an embedded IPv4 address. The exploitation of this issue can allow a remote attacker to access confidential data, compromise its integrity, and cause a denial of service.

Recommendations For versions prior to 0.9.1, update to version 0.9.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of the URI FUNC() function when parsing incomplete URIs until a patch is available.

Correção

Out of bounds Read

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-125

Identificadores relacionados

ALT-PU-2019-1025

BDU:2023-07797

CVE-2018-20721

DLA-1682-1

DLA-2834-1

OPENSUSE-SU-2019:0165-1

OPENSUSE-SU-2019:0171-1

OPENSUSE-SU-2019_0165-1

OPENSUSE-SU-2024:11488-1

SUSE-SU-2019:0228-1

USN-5172-1

USN-5172-2

Produtos afetados

Alt Linux

Suse

Ubuntu

Uriparser

PT-2019-6391 · Uriparser+3 · Uriparser+3

CVE-2018-20721

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 37