VYPR

rpm package

opensuse/uriparser&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/uriparser&distro=openSUSE%20Tumbleweed

Vulnerabilities (12)

  • CVE-2026-44928LowMay 8, 2026
    affected < 1.0.2-1.1fixed 1.0.2-1.1

    In uriparser before 1.0.2, the function family EqualsUri can misclassify two unequal URIs as equal.

  • CVE-2026-44927LowMay 8, 2026
    affected < 1.0.2-1.1fixed 1.0.2-1.1

    In uriparser before 1.0.2, there is pointer difference truncation to int in various places.

  • CVE-2026-42371MedApr 27, 2026
    affected < 1.0.2-1.1fixed 1.0.2-1.1

    uriparser before 1.0.1 has numeric truncation in text range comparison, if an application accepts URIs with a length in gigabytes.

  • CVE-2025-67899LowDec 14, 2025
    affected < 1.0.0-1.1fixed 1.0.0-1.1

    uriparser through 0.9.9 allows unbounded recursion and stack consumption, as demonstrated by ParseMustBeSegmentNzNc with large input containing many commas.

  • CVE-2024-34403May 3, 2024
    affected < 0.9.8-1.1fixed 0.9.8-1.1

    An issue was discovered in uriparser through 0.9.7. ComposeQueryMallocExMm in UriQuery.c has an integer overflow via a long string.

  • CVE-2024-34402May 3, 2024
    affected < 0.9.8-1.1fixed 0.9.8-1.1

    An issue was discovered in uriparser through 0.9.7. ComposeQueryEngine in UriQuery.c has an integer overflow via long keys or values, with a resultant buffer overflow.

  • CVE-2021-46141Jan 6, 2022
    affected < 0.9.6-1.1fixed 0.9.6-1.1

    An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriFreeUriMembers and uriMakeOwner.

  • CVE-2021-46142Jan 6, 2022
    affected < 0.9.6-1.1fixed 0.9.6-1.1

    An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriNormalizeSyntax.

  • CVE-2018-20721Jan 16, 2019
    affected < 0.9.5-1.2fixed 0.9.5-1.2

    URI_FUNC() in UriParse.c in uriparser before 0.9.1 has an out-of-bounds read (in uriParse*Ex* functions) for an incomplete URI with an IPv6 address containing an embedded IPv4 address, such as a "//[::44.1" address.

  • CVE-2018-19200Nov 12, 2018
    affected < 0.9.5-1.2fixed 0.9.5-1.2

    An issue was discovered in uriparser before 0.9.0. UriCommon.c allows attempted operations on NULL input via a uriResetUri* function.

  • CVE-2018-19199Nov 12, 2018
    affected < 0.9.5-1.2fixed 0.9.5-1.2

    An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an integer overflow via a uriComposeQuery* or uriComposeQueryEx* function because of an unchecked multiplication.

  • CVE-2018-19198Nov 12, 2018
    affected < 0.9.5-1.2fixed 0.9.5-1.2

    An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an out-of-bounds write via a uriComposeQuery* or uriComposeQueryEx* function because the '&' character is mishandled in certain contexts.