ID CVE-2018-19200
Summary An issue was discovered in uriparser before 0.9.0. UriCommon.c allows attempted operations on NULL input via a uriResetUri* function.
References
Vulnerable Configurations
  • Debian Linux
    cpe:2.3:o:debian:debian_linux
  • Debian Debian Linux 0.9.1
    cpe:2.3:o:debian:debian_linux:0.9.1
  • Debian Debian Linux 0.9.2
    cpe:2.3:o:debian:debian_linux:0.9.2
  • Debian Debian Linux 0.9.3
    cpe:2.3:o:debian:debian_linux:0.9.3
  • Debian Debian Linux 0.9.4
    cpe:2.3:o:debian:debian_linux:0.9.4
  • Debian Debian Linux 0.93
    cpe:2.3:o:debian:debian_linux:0.93
  • Debian Debian Linux 1.1
    cpe:2.3:o:debian:debian_linux:1.1
  • Debian Debian Linux 1.2
    cpe:2.3:o:debian:debian_linux:1.2
  • Debian Debian Linux 1.3
    cpe:2.3:o:debian:debian_linux:1.3
  • Debian Debian Linux 1.3.1
    cpe:2.3:o:debian:debian_linux:1.3.1
  • Debian Debian Linux 2.0
    cpe:2.3:o:debian:debian_linux:2.0
  • Debian Debian Linux 2.0.5
    cpe:2.3:o:debian:debian_linux:2.0.5
  • Debian Debian Linux 2.0.34 kernel
    cpe:2.3:o:debian:debian_linux:2.0.34
  • Debian Debian Linux 2.1
    cpe:2.3:o:debian:debian_linux:2.1
  • Debian Debian Linux 2.1.8.8.p3-1.1
    cpe:2.3:o:debian:debian_linux:2.1.8.8.p3-1.1
  • Debian Debian Linux 2.2
    cpe:2.3:o:debian:debian_linux:2.2
  • Debian Debian Linux 2.3
    cpe:2.3:o:debian:debian_linux:2.3
  • Debian Debian Linux 3.0
    cpe:2.3:o:debian:debian_linux:3.0
  • Debian Debian Linux 3.0_18
    cpe:2.3:o:debian:debian_linux:3.0.18
  • Debian Debian Linux 3.0_23
    cpe:2.3:o:debian:debian_linux:3.0.23
  • Debian Debian Linux 3.1
    cpe:2.3:o:debian:debian_linux:3.1
  • Debian Debian Linux 3.2.4
    cpe:2.3:o:debian:debian_linux:3.2.4
  • Debian GNU/Linux 4.0
    cpe:2.3:o:debian:debian_linux:4.0
  • Debian GNU/Linux 5.0
    cpe:2.3:o:debian:debian_linux:5.0
  • Debian Debian Linux 5.0.9
    cpe:2.3:o:debian:debian_linux:5.0.9
  • Debian GNU/Linux 6.0
    cpe:2.3:o:debian:debian_linux:6.0
  • Debian Debian Linux 6.0.14
    cpe:2.3:o:debian:debian_linux:6.0.14
  • Debian Debian Linux 6.2
    cpe:2.3:o:debian:debian_linux:6.2
  • Debian Linux 7.0
    cpe:2.3:o:debian:debian_linux:7.0
  • Debian Linux 7.1
    cpe:2.3:o:debian:debian_linux:7.1
CVSS
Base: 5.0
Impact:
Exploitability:
CWE CWE-476
CAPEC
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2019-0228-1.NASL
    description This update for uriparser fixes the following issues: Security issues fixed: CVE-2018-20721: Fixed an out-of-bounds read for incomplete URIs with IPv6 addresses with embedded IPv4 address (bsc#1122193). CVE-2018-19198: Fixed an out-of-bounds write that was possible via the uriComposeQuery* or uriComposeQueryEx* function (bsc#1115722). CVE-2018-19199: Fixed an integer overflow caused by an unchecked multiplication via the uriComposeQuery* or uriComposeQueryEx* function (bsc#1115723). CVE-2018-19200: Fixed an operation attempted on NULL input via a uriResetUri* function (bsc#1115724). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-02-06
    plugin id 121610
    published 2019-02-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121610
    title SUSE SLED15 / SLES15 Security Update : uriparser (SUSE-SU-2019:0228-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-96B48B34AE.NASL
    description Update to 0.9.0, see https://github.com/uriparser/uriparser/blob/uriparser-0.9.0/ChangeLog for details. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-03
    plugin id 120635
    published 2019-01-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=120635
    title Fedora 28 : mingw-uriparser (2018-96b48b34ae)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-1581.NASL
    description Multiple vulnerabilities have been discovered in uriparser, a Uniform Resource Identifiers (URIs) parsing library. CVE-2018-19198 UriQuery.c allows an out-of-bounds write via a uriComposeQuery* or uriComposeQueryEx* function because the '&' character is mishandled in certain contexts. CVE-2018-19199 UriQuery.c allows an integer overflow via a uriComposeQuery* or uriComposeQueryEx* function because of an unchecked multiplication. CVE-2018-19200 UriCommon.c allows attempted operations on NULL input via a uriResetUri* function. For Debian 8 'Jessie', these problems have been fixed in version 0.8.0.1-2+deb8u1. We recommend that you upgrade your uriparser packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-13
    plugin id 119053
    published 2018-11-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119053
    title Debian DLA-1581-1 : uriparser security update
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_3563FAE5F60C11E8B5135404A68AD561.NASL
    description The upstream project reports : * Fixed: Out-of-bounds write in uriComposeQuery* and uriComposeQueryEx* Commit 864f5d4c127def386dd5cc926ad96934b297f04e Thanks to Google Autofuzz team for the report! * Fixed: Detect integer overflow in uriComposeQuery* and uriComposeQueryEx* Commit f76275d4a91b28d687250525d3a0c5509bbd666f Thanks to Google Autofuzz team for the report! * Fixed: Protect uriResetUri* against acting on NULL input Commit f58c25069cf4a986fe17a80c5b38687e31feb539
    last seen 2019-02-21
    modified 2018-12-13
    plugin id 119315
    published 2018-12-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119315
    title FreeBSD : uriparser -- Multiple vulnerabilities (3563fae5-f60c-11e8-b513-5404a68ad561)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-A3EF0A026F.NASL
    description Update to 0.9.0, see https://github.com/uriparser/uriparser/blob/uriparser-0.9.0/ChangeLog for details. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-03
    plugin id 120668
    published 2019-01-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=120668
    title Fedora 28 : uriparser (2018-a3ef0a026f)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2019-165.NASL
    description This update for uriparser fixes the following issues: Security issues fixed: - CVE-2018-20721: Fixed an out-of-bounds read for incomplete URIs with IPv6 addresses with embedded IPv4 address (bsc#1122193). - CVE-2018-19198: Fixed an out-of-bounds write that was possible via the uriComposeQuery* or uriComposeQueryEx* function (bsc#1115722). - CVE-2018-19199: Fixed an integer overflow caused by an unchecked multiplication via the uriComposeQuery* or uriComposeQueryEx* function (bsc#1115723). - CVE-2018-19200: Fixed an operation attempted on NULL input via a uriResetUri* function (bsc#1115724). This update was imported from the SUSE:SLE-15:Update update project.
    last seen 2019-02-21
    modified 2019-02-14
    plugin id 122178
    published 2019-02-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=122178
    title openSUSE Security Update : uriparser (openSUSE-2019-165)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-4003413459.NASL
    description Update to 0.9.0, see https://github.com/uriparser/uriparser/blob/uriparser-0.9.0/ChangeLog for details. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-03
    plugin id 120375
    published 2019-01-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=120375
    title Fedora 29 : mingw-uriparser (2018-4003413459)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-C5C72A45EA.NASL
    description Update to 0.9.0, see https://github.com/uriparser/uriparser/blob/uriparser-0.9.0/ChangeLog for details. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-03
    plugin id 120773
    published 2019-01-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=120773
    title Fedora 29 : uriparser (2018-c5c72a45ea)
refmap via4
misc
mlist [debian-lts-announce] 20181120 [SECURITY] [DLA 1581-1] uriparser security update
Last major update 12-11-2018 - 10:29
Published 12-11-2018 - 10:29
Last modified 12-12-2018 - 09:16