Releases32
Frequency4 months 2 weeks
Last Release
Fastest uriparser, written in C

CVE History

CVEAffectedPublishedCVSS v3CVSS v2
< 1.0.22.9 LOW

In uriparser before 1.0.2, the function family EqualsUri can misclassify two unequal URIs as equal.

< 1.0.22.9 LOW

In uriparser before 1.0.2, there is pointer difference truncation to int in various places.

< 1.0.15.1 MEDIUM

uriparser before 1.0.1 has numeric truncation in text range comparison, if an application accepts URIs with a length in gigabytes.

<= 0.9.78.6 HIGH

An issue was discovered in uriparser through 0.9.7. ComposeQueryEngine in UriQuery.c has an integer overflow via long keys or values, with a resultant buffer overflow.

<= 0.9.75.9 MEDIUM

An issue was discovered in uriparser through 0.9.7. ComposeQueryMallocExMm in UriQuery.c has an integer overflow via a long string.

< 0.9.65.5 MEDIUM4.3 MEDIUM

An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriFreeUriMembers and uriMakeOwner.

< 0.9.65.5 MEDIUM4.3 MEDIUM

An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriNormalizeSyntax.

< 0.9.19.8 CRITICAL7.5 HIGH

URI_FUNC() in UriParse.c in uriparser before 0.9.1 has an out-of-bounds read (in uriParse*Ex* functions) for an incomplete URI with an IPv6 address containing an embedded IPv4 address, such as a "//[::44.1" address.

< 0.9.07.5 HIGH

An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an out-of-bounds write via a uriComposeQuery* or uriComposeQueryEx* function because the '&' character is mishandled in certain contexts.

< 0.9.07.5 HIGH

An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an integer overflow via a uriComposeQuery* or uriComposeQueryEx* function because of an unchecked multiplication.

< 0.9.05 MEDIUM

An issue was discovered in uriparser before 0.9.0. UriCommon.c allows attempted operations on NULL input via a uriResetUri* function.