Описание
An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an out-of-bounds write via a uriComposeQuery* or uriComposeQueryEx* function because the '&' character is mishandled in certain contexts.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| uriparser | fixed | 0.9.0-1 | package | |
| uriparser | fixed | 0.8.4-1+deb9u1 | stretch | package |
Примечания
https://github.com/uriparser/uriparser/commit/864f5d4c127def386dd5cc926ad96934b297f04e
EPSS
Связанные уязвимости
An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an out-of-bounds write via a uriComposeQuery* or uriComposeQueryEx* function because the '&' character is mishandled in certain contexts.
An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an out-of-bounds write via a uriComposeQuery* or uriComposeQueryEx* function because the '&' character is mishandled in certain contexts.
An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an out-of-bounds write via a uriComposeQuery* or uriComposeQueryEx* function because the '&' character is mishandled in certain contexts.
An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an out-of-bounds write via a uriComposeQuery* or uriComposeQueryEx* function because the '&' character is mishandled in certain contexts.
Уязвимость функции uriComposeQuery парсера Uriparser, связанная с записью за границами буфера памяти, позволяющая нарушителю получить несанкционированный доступ к информации и нарушить ее целостность и доступность
EPSS