PT-2018-3384 · Uriparser+5

Published: 2018-11-04 · Updated: 2024-06-15 · CVE-2018-19198

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: uriparser versions prior to 0.9.0
Description: The issue is in the uriComposeQuery function of uriparser, which allows an out-of-bounds write due to mishandling of the '&' character in certain contexts. This can potentially lead to unauthorized access to information and to loss of its integrity and availability.
Recommendations: Update to version 0.9.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of the uriComposeQuery function until a patch is available. Avoid using the uriComposeQuery or uriComposeQueryEx functions in contexts where the '&' character is mishandled to minimize the risk of exploitation.

Fix

Memory Corruption

Weakness Enumeration

Related Identifiers

ALT-PU-2018-2592
BDU:2020-00731
CESA-2019_2280
CVE-2018-19198
DLA-1581-1
OPENSUSE-SU-2019:0165-1
OPENSUSE-SU-2019:0171-1
OPENSUSE-SU-2019_0165-1
OPENSUSE-SU-2024:11488-1
RHSA-2019:2280
RHSA-2019_2280
SUSE-SU-2019:0228-1
SUSE-SU-2019_0228-1
USN-5172-1
USN-5172-2

Affected Products

ALT Linux
CentOS
Red Hat
SUSE
Ubuntu
uriparser