CVE-2021-46141

Опубликовано: 06 янв. 2022

Источник: nvd

CVSS3: 5.5

CVSS2: 4.3

EPSS Низкий

Описание

An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriFreeUriMembers and uriMakeOwner.

Ссылки

https://blog.hartwork.org/posts/uriparser-096-with-security-fixes-released/
Third Party Advisory
https://github.com/uriparser/uriparser/issues/121
Exploit
Issue Tracking
Patch
Third Party Advisory
https://github.com/uriparser/uriparser/pull/124
Exploit
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/01/msg00029.html
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MO6T7WA27H7K3WI2AXUAGPWBGK4HM65D/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YGIJTDNEMU2V4H3JJBQVKBRHU5GBQKG2/
https://www.debian.org/security/2022/dsa-5063
Third Party Advisory
https://blog.hartwork.org/posts/uriparser-096-with-security-fixes-released/
Third Party Advisory
https://github.com/uriparser/uriparser/issues/121
Exploit
Issue Tracking
Patch
Third Party Advisory
https://github.com/uriparser/uriparser/pull/124
Exploit
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/01/msg00029.html
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MO6T7WA27H7K3WI2AXUAGPWBGK4HM65D/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YGIJTDNEMU2V4H3JJBQVKBRHU5GBQKG2/
https://www.debian.org/security/2022/dsa-5063
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:uriparser_project:uriparser:*:*:*:*:*:*:*:*

Версия до 0.9.6 (исключая)

Конфигурация 2

Одно из

cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

Конфигурация 4

Одно из

cpe:2.3:a:opensuse:factory:-:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:backports:sle-15:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:leap:15.3:*:*:*:*:*:*:*

EPSS

Процентиль: 31%

0.00117

Низкий

5.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-416

Связанные уязвимости

CVE-2021-46141

CVSS3: 5.5

ubuntu

около 4 лет назад

An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriFreeUriMembers and uriMakeOwner.

CVE-2021-46141

CVSS3: 4

redhat

около 4 лет назад

An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriFreeUriMembers and uriMakeOwner.

CVE-2021-46141

CVSS3: 5.5

debian

около 4 лет назад

An issue was discovered in uriparser before 0.9.6. It performs invalid ...

GHSA-h7v5-6w5c-368p

github

около 4 лет назад

An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriFreeUriMembers and uriMakeOwner.

BDU:2022-05786

CVSS3: 5.5

fstec

около 4 лет назад

Уязвимость парсера Uriparser, связанная с использованием памяти после её освобождения, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 31%

0.00117

Низкий

5.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-416