PublicDateAtUSN: 2018-11-12 15:29:00 UTC
Candidate: CVE-2018-19200
PublicDate: 2018-11-12 15:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19200
 https://github.com/uriparser/uriparser/commit/f58c25069cf4a986fe17a80c5b38687e31feb539
 https://github.com/uriparser/uriparser/blob/uriparser-0.9.0/ChangeLog
 https://ubuntu.com/security/notices/USN-5172-1
Description:
 An issue was discovered in uriparser before 0.9.0. UriCommon.c allows
 attempted operations on NULL input via a uriResetUri* function.
Ubuntu-Description:
 It was discovered that uriparser mishandled certain input. An attacker could
 use this vulnerability to cause uriparser to crash or possibly execute
 arbitrary code.
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]


Patches_uriparser:
upstream_uriparser: released (0.9.0-1)
precise/esm_uriparser: DNE
trusty_uriparser: ignored (out of standard support)
trusty/esm_uriparser: needed
xenial_uriparser: ignored (end of standard support, was needed)
bionic_uriparser: released (0.8.4-1+deb9u2build0.18.04.1)
cosmic_uriparser: ignored (reached end-of-life)
disco_uriparser: released (0.9.0-1)
eoan_uriparser: not-affected (0.9.3-2)
focal_uriparser: not-affected (0.9.3-2)
groovy_uriparser: not-affected (0.9.3-2)
hirsute_uriparser: not-affected (0.9.3-2)
impish_uriparser: not-affected (0.9.3-2)
jammy_uriparser: not-affected (0.9.3-2)
devel_uriparser: not-affected (0.9.3-2)