Описание
Security update for uriparser
This update for uriparser fixes the following issues:
Security issues fixed:
- CVE-2018-20721: Fixed an out-of-bounds read for incomplete URIs with IPv6 addresses with embedded IPv4 address (bsc#1122193).
- CVE-2018-19198: Fixed an out-of-bounds write that was possible via the uriComposeQuery* or uriComposeQueryEx* function (bsc#1115722).
- CVE-2018-19199: Fixed an integer overflow caused by an unchecked multiplication via the uriComposeQuery* or uriComposeQueryEx* function (bsc#1115723).
- CVE-2018-19200: Fixed a operation attempted on NULL input via a uriResetUri* function (bsc#1115724).
This update was imported from the SUSE:SLE-15:Update update project.
Список пакетов
openSUSE Leap 15.0
Ссылки
- E-Mail link for openSUSE-SU-2019:0165-1
- SUSE Security Ratings
- SUSE Bug 1115722
- SUSE Bug 1115723
- SUSE Bug 1115724
- SUSE Bug 1122193
- SUSE CVE CVE-2018-19198 page
- SUSE CVE CVE-2018-19199 page
- SUSE CVE CVE-2018-19200 page
- SUSE CVE CVE-2018-20721 page
Описание
An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an out-of-bounds write via a uriComposeQuery* or uriComposeQueryEx* function because the '&' character is mishandled in certain contexts.
Затронутые продукты
Ссылки
- CVE-2018-19198
- SUSE Bug 1115722
Описание
An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an integer overflow via a uriComposeQuery* or uriComposeQueryEx* function because of an unchecked multiplication.
Затронутые продукты
Ссылки
- CVE-2018-19199
- SUSE Bug 1115723
Описание
An issue was discovered in uriparser before 0.9.0. UriCommon.c allows attempted operations on NULL input via a uriResetUri* function.
Затронутые продукты
Ссылки
- CVE-2018-19200
- SUSE Bug 1115724
Описание
URI_FUNC() in UriParse.c in uriparser before 0.9.1 has an out-of-bounds read (in uriParse*Ex* functions) for an incomplete URI with an IPv6 address containing an embedded IPv4 address, such as a "//[::44.1" address.
Затронутые продукты
Ссылки
- CVE-2018-20721
- SUSE Bug 1122193