CVE-2018-19198 – uriparser: Out-of-bounds write via uriComposeQuery* or uriComposeQueryEx* function

https://notcve.org/view.php?id=CVE-2018-19198

An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an out-of-bounds write via a uriComposeQuery* or uriComposeQueryEx* function because the '&' character is mishandled in certain contexts. Se ha descubierto un problema en versiones anteriores a la 0.9.0 de uriparser. UriQuery.c permite la escritura fuera de límites mediante las funciones uriComposeQuery* o uriComposeQueryEx* debido a que el carácter '' se gestiona de manera incorrecta en ciertos contextos. • https://access.redhat.com/errata/RHSA-2019:2280 https://github.com/uriparser/uriparser/blob/uriparser-0.9.0/ChangeLog https://github.com/uriparser/uriparser/commit/864f5d4c127def386dd5cc926ad96934b297f04e https://lists.debian.org/debian-lts-announce/2018/11/msg00019.html https://access.redhat.com/security/cve/CVE-2018-19198 https://bugzilla.redhat.com/show_bug.cgi?id=1651946 • CWE-787: Out-of-bounds Write •