First published: Mon Nov 12 2018
An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an integer overflow via a uriComposeQuery* or uriComposeQueryEx* function because of an unchecked multiplication.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/uriparser | <0.9.0 | 0.9.0 |
Uriparser Project Uriparser | <0.9.0 | |
Debian Debian Linux | =8.0 | |
CVE-2018-19199 is a vulnerability in uriparser before version 0.9.0: an unchecked multiplication in UriQuery.c allows an integer overflow via the uriComposeQuery* and uriComposeQueryEx* functions.
CVE-2018-19199 has a severity rating of 9.8 (Critical).
CVE-2018-19199 affects uriparser versions before 0.9.0.
To fix CVE-2018-19199, update uriparser to version 0.9.0 or later.
More information about CVE-2018-19199 can be found at the following references:

- [Red Hat Security Advisory](https://access.redhat.com/errata/RHSA-2019:2280)
- [uriparser ChangeLog](https://github.com/uriparser/uriparser/blob/uriparser-0.9.0/ChangeLog)
- [Commit on uriparser GitHub repository](https://github.com/uriparser/uriparser/commit/f76275d4a91b28d687250525d3a0c5509bbd666f)
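The bug class named in the description (an unchecked multiplication when sizing composed query output), shown beside a checked form. This is an added illustration, not uriparser's own code: the expansion factor of 3, `struct pair_len` and all function names are assumptions made for the example, and every pair is assumed to carry a value.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define WORST_CASE 3u /* assumed expansion: one input char -> "%XX" */

struct pair_len { size_t key_len; size_t value_len; }; /* hypothetical type */

/* Bug class: the product wraps modulo 2^32, so a huge length yields a tiny size.
 * uint32_t keeps the wrap well defined here; signed overflow would be undefined. */
uint32_t unchecked_scaled(uint32_t len) { return WORST_CASE * len; }

/* Multiply only after proving the product fits in int. */
static int scaled_len(size_t len, int *out) {
    if (len > (size_t)INT_MAX / WORST_CASE) return -1;
    *out = (int)(len * WORST_CASE);
    return 0;
}

/* Add a non-negative amount, refusing to pass INT_MAX. */
static int add_checked(int *total, int add) {
    if (add > INT_MAX - *total) return -1;
    *total += add;
    return 0;
}

/* Chars needed for "k=v&k=v" plus terminator; 0 on success, -1 if too large. */
int query_chars_required(const struct pair_len *pairs, size_t count, int *out) {
    int total = 0;
    for (size_t i = 0; i < count; i++) {
        int key_chars, value_chars;
        if (scaled_len(pairs[i].key_len, &key_chars) ||
            scaled_len(pairs[i].value_len, &value_chars))
            return -1;
        if (add_checked(&total, i ? 1 : 0) ||   /* '&' between pairs */
            add_checked(&total, key_chars) ||
            add_checked(&total, 1) ||           /* '=' */
            add_checked(&total, value_chars))
            return -1;
    }
    if (add_checked(&total, 1)) return -1;      /* terminator */
    *out = total;
    return 0;
}

int main(void) {
    struct pair_len big[] = {{(size_t)INT_MAX / 3 + 1, 0}}; /* constructed input */
    int n = 0;
    printf("%u %d\n", (unsigned)unchecked_scaled(0x55555556u), query_chars_required(big, 1, &n));
    return 0;
}
```

A caller that allocates from the unchecked result would get a buffer far smaller than the data written into it; the checked form reports the oversized input instead.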