CVE-2018-19198

An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an out-of-bounds write via a uriComposeQuery* or uriComposeQueryEx* function because the '&' character is mishandled in certain contexts.

References

Affected packages

Git / github.com/uriparser/uriparser

Affected ranges

Type: GIT
Repo: https://github.com/uriparser/uriparser
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

864f5d4c127def386dd5cc926ad96934b297f04e

Affected versions

uriparser-0.*

uriparser-0.3.0

uriparser-0.3.1

uriparser-0.3.2

uriparser-0.3.3

uriparser-0.3.4

uriparser-0.4.0

uriparser-0.5.0

uriparser-0.5.1

uriparser-0.5.2

uriparser-0.6.0

uriparser-0.6.1

uriparser-0.6.2

uriparser-0.6.3

uriparser-0.6.4

uriparser-0.7.0

uriparser-0.7.1

uriparser-0.7.2

uriparser-0.7.3

uriparser-0.7.4

uriparser-0.7.5

uriparser-0.7.6

uriparser-0.7.7

uriparser-0.7.8

uriparser-0.7.9

uriparser-0.8.0

uriparser-0.8.0.1

uriparser-0.8.1

uriparser-0.8.2

uriparser-0.8.3

uriparser-0.8.4

uriparser-0.8.5

uriparser-0.8.6

Database specific

{
    "vanir_signatures": [
        {
            "digest": {
                "line_hashes": [
                    "100403468009939954026720765720552592861",
                    "161482427211911698368924816150145763402",
                    "190151097438128959420271269086977651032",
                    "150710995914627635990660843400979939834"
                ],
                "threshold": 0.9
            },
            "source": "https://github.com/uriparser/uriparser/commit/864f5d4c127def386dd5cc926ad96934b297f04e",
            "signature_type": "Line",
            "target": {
                "file": "src/UriQuery.c"
            },
            "deprecated": false,
            "signature_version": "v1",
            "id": "CVE-2018-19198-788db432"
        },
        {
            "digest": {
                "line_hashes": [
                    "328311883274064102442555921402038281686",
                    "257023867471187916309104926839907291990",
                    "106446773495015763017148475824453056673",
                    "280931746396499147646466482829758555977",
                    "123208331935591282331249247062107345706",
                    "268845220720058387110604157985123069767",
                    "247380824432098462657860236861826047524"
                ],
                "threshold": 0.9
            },
            "source": "https://github.com/uriparser/uriparser/commit/864f5d4c127def386dd5cc926ad96934b297f04e",
            "signature_type": "Line",
            "target": {
                "file": "test/test.cpp"
            },
            "deprecated": false,
            "signature_version": "v1",
            "id": "CVE-2018-19198-e9ac82d3"
        }
    ]
}