PT-2019-6391 · Uriparser+3 · Uriparser+3

Joergen Ibsen

Published

2019-01-02

Updated

2024-06-15

CVE-2018-20721

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions uriparser versions prior to 0.9.1

Description The issue is related to an out-of-bounds read in the URI FUNC() function within the UriParse.c component of the uriparser. This occurs when parsing an incomplete URI that contains an IPv6 address with an embedded IPv4 address. The exploitation of this issue can allow a remote attacker to access confidential data, compromise its integrity, and cause a denial of service.

Recommendations For versions prior to 0.9.1, update to version 0.9.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of the URI FUNC() function when parsing incomplete URIs until a patch is available.

Fix

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

ALT-PU-2019-1025

BDU:2023-07797

CVE-2018-20721

DLA-1682-1

DLA-2834-1

OPENSUSE-SU-2019:0165-1

OPENSUSE-SU-2019:0171-1

OPENSUSE-SU-2019_0165-1

OPENSUSE-SU-2024:11488-1

SUSE-SU-2019:0228-1

USN-5172-1

USN-5172-2

Affected Products

Alt Linux

Suse

Ubuntu

Uriparser

PT-2019-6391 · Uriparser+3 · Uriparser+3

CVE-2018-20721

Weakness Enumeration

Related Identifiers

Affected Products

References · 37