Google Autofuzz team - Security Researcher - Exploit Intelligence Platform

CVE-2018-19199 WRITEUP CRITICAL WRITEUP

uriparser < 0.9.0 - Integer Overflow in UriQuery.c

An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an integer overflow via a uriComposeQuery* or uriComposeQueryEx* function because of an unchecked multiplication.

CVSS 9.8

View Code

CVE-2018-19200 WRITEUP HIGH WRITEUP

uriparser < 0.9.0 - NULL Pointer Dereference via uriResetUri Function

An issue was discovered in uriparser before 0.9.0. UriCommon.c allows attempted operations on NULL input via a uriResetUri* function.

CVSS 7.5

View Code

CVE-2018-19198 WRITEUP CRITICAL WRITEUP

uriparser < 0.9.0 - Out-of-bounds Write via Query Composition Function

An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an out-of-bounds write via a uriComposeQuery* or uriComposeQueryEx* function because the '&' character is mishandled in certain contexts.

CVSS 9.8

View Code