CVE-2018-19199

An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an integer overflow via a uriComposeQuery* or uriComposeQueryEx* function because of an unchecked multiplication.

References

Affected packages

Git / github.com/uriparser/uriparser

Affected ranges

Type: GIT
Repo: https://github.com/uriparser/uriparser
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

f76275d4a91b28d687250525d3a0c5509bbd666f

Affected versions

uriparser-0.*

uriparser-0.3.0

uriparser-0.3.1

uriparser-0.3.2

uriparser-0.3.3

uriparser-0.3.4

uriparser-0.4.0

uriparser-0.5.0

uriparser-0.5.1

uriparser-0.5.2

uriparser-0.6.0

uriparser-0.6.1

uriparser-0.6.2

uriparser-0.6.3

uriparser-0.6.4

uriparser-0.7.0

uriparser-0.7.1

uriparser-0.7.2

uriparser-0.7.3

uriparser-0.7.4

uriparser-0.7.5

uriparser-0.7.6

uriparser-0.7.7

uriparser-0.7.8

uriparser-0.7.9

uriparser-0.8.0

uriparser-0.8.0.1

uriparser-0.8.1

uriparser-0.8.2

uriparser-0.8.3

uriparser-0.8.4

uriparser-0.8.5

uriparser-0.8.6

Database specific

vanir_signatures

[
    {
        "source": "https://github.com/uriparser/uriparser/commit/f76275d4a91b28d687250525d3a0c5509bbd666f",
        "target": {
            "file": "src/UriQuery.c"
        },
        "signature_version": "v1",
        "deprecated": false,
        "id": "CVE-2018-19199-e01bf6e2",
        "digest": {
            "line_hashes": [
                "290371169415132705895581035972684788287",
                "326755179708340016162408027130503972958",
                "100983874194007827929211722687075228168",
                "223176582113153006996577696788295800471",
                "126050388159432121021043208975519024681",
                "54508814337538683184784625144362654913",
                "121578682297062695633425950485373220149",
                "176129368108619434604045172507923970959",
                "30080713267707726995436633986327152207"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line"
    }
]