Vulnerability Description
An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an out-of-bounds write via a uriComposeQuery* or uriComposeQueryEx* function because the '&' character is mishandled in certain contexts.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Uriparser Project | Uriparser | < 0.9.0 |
| Debian | Debian Linux | 8.0 |
Related Weaknesses (CWE)
References
- https://access.redhat.com/errata/RHSA-2019:2280
- https://github.com/uriparser/uriparser/blob/uriparser-0.9.0/ChangeLogRelease Notes
- https://github.com/uriparser/uriparser/commit/864f5d4c127def386dd5cc926ad96934b2Patch
- https://lists.debian.org/debian-lts-announce/2018/11/msg00019.htmlThird Party Advisory
- https://access.redhat.com/errata/RHSA-2019:2280
- https://github.com/uriparser/uriparser/blob/uriparser-0.9.0/ChangeLogRelease Notes
- https://github.com/uriparser/uriparser/commit/864f5d4c127def386dd5cc926ad96934b2Patch
- https://lists.debian.org/debian-lts-announce/2018/11/msg00019.htmlThird Party Advisory
FAQ
What is CVE-2018-19198?
CVE-2018-19198 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an out-of-bounds write via a uriComposeQuery* or uriComposeQueryEx* function because the '&' character is mishandled in certain con...
How severe is CVE-2018-19198?
CVE-2018-19198 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-19198?
Check the references section above for vendor advisories and patch information. Affected products include: Uriparser Project Uriparser, Debian Debian Linux.