URI_FUNC() in UriParse.c in uriparser before 0.9.1 has an out-of-bounds read (in uriParse*Ex* functions) for an incomplete URI with an IPv6 address containing an embedded IPv4 address, such as a "//[::44.1" address.
References
Link | Resource |
---|---|
https://github.com/uriparser/uriparser/blob/master/ChangeLog | Release Notes Third Party Advisory |
https://github.com/uriparser/uriparser/commit/cef25028de5ff872c2e1f0a6c562eb3ea9ecbce4 | Patch Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2019/02/msg00028.html | Mailing List Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2021/11/msg00029.html | Mailing List Third Party Advisory |
https://github.com/uriparser/uriparser/blob/master/ChangeLog | Release Notes Third Party Advisory |
https://github.com/uriparser/uriparser/commit/cef25028de5ff872c2e1f0a6c562eb3ea9ecbce4 | Patch Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2019/02/msg00028.html | Mailing List Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2021/11/msg00029.html | Mailing List Third Party Advisory |
Configurations
History
21 Nov 2024, 04:02
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/uriparser/uriparser/blob/master/ChangeLog - Release Notes, Third Party Advisory | |
References | () https://github.com/uriparser/uriparser/commit/cef25028de5ff872c2e1f0a6c562eb3ea9ecbce4 - Patch, Third Party Advisory | |
References | () https://lists.debian.org/debian-lts-announce/2019/02/msg00028.html - Mailing List, Third Party Advisory | |
References | () https://lists.debian.org/debian-lts-announce/2021/11/msg00029.html - Mailing List, Third Party Advisory |
16 Dec 2021, 19:01
Type | Values Removed | Values Added |
---|---|---|
References | (MLIST) https://lists.debian.org/debian-lts-announce/2019/02/msg00028.html - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2021/11/msg00029.html - Mailing List, Third Party Advisory | |
CPE | cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* |
01 Dec 2021, 02:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2019-01-16 14:29
Updated : 2024-11-21 04:02
NVD link : CVE-2018-20721
Mitre link : CVE-2018-20721
CVE.ORG link : CVE-2018-20721
JSON object : View
Products Affected
debian
- debian_linux
uriparser_project
- uriparser
CWE
CWE-125
Out-of-bounds Read