CVE-2018-19199 — Integer Overflow or Wraparound in Project Uriparser

CWE-190 — Integer Overflow or Wraparound12 documents8 sources

Severity

9.8CRITICALNVD

EPSS

0.7%

top 28.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Uriparser Project Uriparser Debian Linux

Timeline

PublishedNov 12

Latest updateMay 14

Description

An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an integer overflow via a uriComposeQuery* or uriComposeQueryEx* function because of an unchecked multiplication.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

▶NVDuriparser_project/uriparser< 0.9.0

▶Debianuriparser_project/uriparser< 0.9.0-1+3

▶Ubuntuuriparser_project/uriparser< 0.8.4-1+deb9u2build0.18.04.1+2

Also affects: Debian Linux 8.0

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-75xm-fm6x-r3wr: An issue was discovered in uriparser before 0↗2022-05-14

▶

OSV

uriparser vulnerability↗2021-12-09

▶

OSV

uriparser vulnerabilities↗2021-12-06

▶

CVEList

CVE-2018-19199: An issue was discovered in uriparser before 0↗2018-11-12

▶

OSV

CVE-2018-19199: An issue was discovered in uriparser before 0↗2018-11-12

▶

📋Vendor Advisories

Ubuntu

uriparser vulnerability↗2021-12-09

▶

Ubuntu

uriparser vulnerabilities↗2021-12-06

▶

Red Hat

uriparser: Integer overflow via uriComposeQuery* or uriComposeQueryEx* function↗2018-09-23

▶

Debian

CVE-2018-19199: uriparser - An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an integer ...↗2018

▶

💬Community

Bugzilla

CVE-2018-19199 uriparser: Integer overflow via uriComposeQuery* or uriComposeQueryEx* function↗2018-11-21

▶

Bugzilla

CVE-2018-19198 CVE-2018-19199 CVE-2018-19200 uriparser: various flaws [fedora-all]↗2018-11-21

▶