ID CVE-2018-19198
Summary An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an out-of-bounds write via a uriComposeQuery* or uriComposeQueryEx* function because the '&' character is mishandled in certain contexts.
References
Vulnerable Configurations
  • cpe:2.3:a:uriparser_project:uriparser:0.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:uriparser_project:uriparser:0.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:uriparser_project:uriparser:0.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:uriparser_project:uriparser:0.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:uriparser_project:uriparser:0.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:uriparser_project:uriparser:0.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:uriparser_project:uriparser:0.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:uriparser_project:uriparser:0.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:uriparser_project:uriparser:0.3.4:*:*:*:*:*:*:*
    cpe:2.3:a:uriparser_project:uriparser:0.3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:uriparser_project:uriparser:0.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:uriparser_project:uriparser:0.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:uriparser_project:uriparser:0.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:uriparser_project:uriparser:0.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:uriparser_project:uriparser:0.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:uriparser_project:uriparser:0.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:uriparser_project:uriparser:0.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:uriparser_project:uriparser:0.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:uriparser_project:uriparser:0.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:uriparser_project:uriparser:0.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:uriparser_project:uriparser:0.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:uriparser_project:uriparser:0.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:uriparser_project:uriparser:0.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:uriparser_project:uriparser:0.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:uriparser_project:uriparser:0.6.3:*:*:*:*:*:*:*
    cpe:2.3:a:uriparser_project:uriparser:0.6.3:*:*:*:*:*:*:*
  • cpe:2.3:a:uriparser_project:uriparser:0.6.4:*:*:*:*:*:*:*
    cpe:2.3:a:uriparser_project:uriparser:0.6.4:*:*:*:*:*:*:*
  • cpe:2.3:a:uriparser_project:uriparser:0.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:uriparser_project:uriparser:0.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:uriparser_project:uriparser:0.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:uriparser_project:uriparser:0.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:uriparser_project:uriparser:0.7.2:*:*:*:*:*:*:*
    cpe:2.3:a:uriparser_project:uriparser:0.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:uriparser_project:uriparser:0.7.3:*:*:*:*:*:*:*
    cpe:2.3:a:uriparser_project:uriparser:0.7.3:*:*:*:*:*:*:*
  • cpe:2.3:a:uriparser_project:uriparser:0.7.4:*:*:*:*:*:*:*
    cpe:2.3:a:uriparser_project:uriparser:0.7.4:*:*:*:*:*:*:*
  • cpe:2.3:a:uriparser_project:uriparser:0.7.5:*:*:*:*:*:*:*
    cpe:2.3:a:uriparser_project:uriparser:0.7.5:*:*:*:*:*:*:*
  • cpe:2.3:a:uriparser_project:uriparser:0.7.6:*:*:*:*:*:*:*
    cpe:2.3:a:uriparser_project:uriparser:0.7.6:*:*:*:*:*:*:*
  • cpe:2.3:a:uriparser_project:uriparser:0.7.7:*:*:*:*:*:*:*
    cpe:2.3:a:uriparser_project:uriparser:0.7.7:*:*:*:*:*:*:*
  • cpe:2.3:a:uriparser_project:uriparser:0.7.8:*:*:*:*:*:*:*
    cpe:2.3:a:uriparser_project:uriparser:0.7.8:*:*:*:*:*:*:*
  • cpe:2.3:a:uriparser_project:uriparser:0.7.9:*:*:*:*:*:*:*
    cpe:2.3:a:uriparser_project:uriparser:0.7.9:*:*:*:*:*:*:*
  • cpe:2.3:a:uriparser_project:uriparser:0.8.0:*:*:*:*:*:*:*
    cpe:2.3:a:uriparser_project:uriparser:0.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:uriparser_project:uriparser:0.8.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:uriparser_project:uriparser:0.8.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:uriparser_project:uriparser:0.8.1:*:*:*:*:*:*:*
    cpe:2.3:a:uriparser_project:uriparser:0.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:uriparser_project:uriparser:0.8.2:*:*:*:*:*:*:*
    cpe:2.3:a:uriparser_project:uriparser:0.8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:uriparser_project:uriparser:0.8.3:*:*:*:*:*:*:*
    cpe:2.3:a:uriparser_project:uriparser:0.8.3:*:*:*:*:*:*:*
  • cpe:2.3:a:uriparser_project:uriparser:0.8.4:*:*:*:*:*:*:*
    cpe:2.3:a:uriparser_project:uriparser:0.8.4:*:*:*:*:*:*:*
  • cpe:2.3:a:uriparser_project:uriparser:0.8.5:*:*:*:*:*:*:*
    cpe:2.3:a:uriparser_project:uriparser:0.8.5:*:*:*:*:*:*:*
  • cpe:2.3:a:uriparser_project:uriparser:0.8.6:*:*:*:*:*:*:*
    cpe:2.3:a:uriparser_project:uriparser:0.8.6:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 06-08-2019 - 17:15)
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
redhat via4
advisories
rhsa
id RHSA-2019:2280
rpms
  • uriparser-0:0.7.5-10.el7
  • uriparser-debuginfo-0:0.7.5-10.el7
  • uriparser-devel-0:0.7.5-10.el7
refmap via4
misc
mlist [debian-lts-announce] 20181120 [SECURITY] [DLA 1581-1] uriparser security update
Last major update 06-08-2019 - 17:15
Published 12-11-2018 - 15:29
Last modified 06-08-2019 - 17:15
Back to Top