Uriparser
CVE-2018-19199
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an integer overflow via a uriComposeQuery* or uriComposeQueryEx* function because of an unchecked multiplication.
AnalysisAI
An issue was discovered in uriparser before 0.9.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.
Technical ContextAI
This vulnerability is classified as Integer Overflow (CWE-190), which allows attackers to cause unexpected behavior through arithmetic overflow. An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an integer overflow via a uriComposeQuery* or uriComposeQueryEx* function because of an unchecked multiplication. Affected products include: Uriparser Project Uriparser, Debian Debian Linux. Version information: before 0.9.0..
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Validate arithmetic operations, use safe integer libraries, check bounds before allocation.
An issue was discovered in uriparser before 0.9.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely ex
An issue was discovered in uriparser before 0.9.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploi
uriparser before 1.0.1 suffers a numeric truncation vulnerability in text range comparison that causes denial of service
The EqualsUri function in uriparser before version 1.0.2 incorrectly classifies structurally distinct URIs as equivalent
Pointer difference truncation to signed int in uriparser before version 1.0.2 allows local attackers to cause integer ov
Same weakness CWE-190 – Integer Overflow or Wraparound
View allSame technique Integer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today