CVE-2021-46142

CWE-416 — Use After Free CWE-401 — Memory Leak10 documents7 sources

Severity

5.5MEDIUM

EPSS

0.1%

top 69.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Uriparser Project Uriparser Debian Debian Linux Fedoraproject Extra Packages FOR Enterprise Linux +3 more

Timeline

PublishedJan 6

Latest updateJul 18

Description

An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriNormalizeSyntax.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages6 packages

▶NVDuriparser_project/uriparser< 0.9.6

▶Debianuriparser< 0.9.4+dfsg-1+deb11u1+3

▶Ubuntuuriparser< 0.8.4-1+deb9u2ubuntu0.1+3

▶NVDopensuse/leap15.3

▶NVDopensuse/backportssle-15

Also affects: Debian Linux 10.0, 11.0, 9.0, Fedora 34, 35

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

uriparser vulnerabilities↗2022-07-18

▶

OSV

uriparser vulnerabilities↗2022-07-13

▶

GHSA

GHSA-5jh9-cx9r-v7ww: An issue was discovered in uriparser before 0↗2022-01-07

▶

CVEList

CVE-2021-46142: An issue was discovered in uriparser before 0↗2022-01-06

▶

OSV

CVE-2021-46142: An issue was discovered in uriparser before 0↗2022-01-06

▶

📋Vendor Advisories

Ubuntu

uriparser vulnerabilities↗2022-07-18

▶

Ubuntu

uriparser vulnerabilities↗2022-07-13

▶

Red Hat

uriparser: Invalid free operations in uriNormalizeSyntax.↗2022-01-03

▶

Debian

CVE-2021-46142: uriparser - An issue was discovered in uriparser before 0.9.6. It performs invalid free oper...↗2021

▶