OpenSUSE Linux update for uriparser

Published: 2019-02-14 11:32:38 | Updated: 2019-02-14
Severity Low
Patch available YES
Number of vulnerabilities 4
CVE ID CVE-2018-19198
CVE-2018-19199
CVE-2018-19200
CVE-2018-20721
CVSSv3 7.7 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
7.7 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
2.9 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
6.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]
CWE ID CWE-787
CWE-190
CWE-476
CWE-125
Exploitation vector Network
Public exploit Public exploit code for vulnerability #4 is available.
Vulnerable software Opensuse
Vulnerable software versions Opensuse 15.0
Vendor URL Novell

Security Advisory

1) Out-of-bounds write

Description

The vulnerability allows a local attacker to cause DoS condition or execute arbitrary code on the target system.

The vulnerability exists due to out-of-bounds write in the uriComposeQuery* and uriComposeQueryEx* functions, as defined in the UriQuery.csource code file. A local attacker can send a specially request that submits malicious input, trigger memory corruption to cause a DoS condition or execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Update the affected packages.

External links

https://lists.opensuse.org/opensuse-security-announce/2019-02/msg00016.html

2) Integer overflow

Description

The vulnerability allows a local attacker to cause DoS condition or execute arbitrary code on the target system.

The vulnerability exists due to integer overflow in the uriComposeQuery*and uriComposeQueryEx* functions, as defined in the UriQuery.c source code file. A local attacker can send a specially request that submits malicious input, trigger memory corruption to cause a DoS condition or execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Update the affected packages.

External links

https://lists.opensuse.org/opensuse-security-announce/2019-02/msg00016.html

3) Null pointer dereference

Description

The vulnerability allows a local attacker to cause DoS condition on the target system.

The vulnerability exists in the uriResetUri* function, as defined in the UriCommon.c source code file due to the allowance of operations on a NULL input. A local attacker can send a specially request that submits malicious input, trigger NULL pointer dereference to cause a DoS condition.

Remediation

Update the affected packages.

External links

https://lists.opensuse.org/opensuse-security-announce/2019-02/msg00016.html

4) Out-of-bounds read

Description

The vulnerability allows a remote attacker to gain access to cause DoS condition.

The vulnerability exists in URI_FUNC() in UriParse.c in uriparser due to a boundary condition. A remote attacker can create a specially crafted Excel file, trick the victim into opening it, trigger out-of-bounds read error for an incomplete URI with an IPv6 address containing an embedded IPv4 address, such as a "//[::44.1" address and cause the service to crash.

Remediation

Update the affected packages.

External links

https://lists.opensuse.org/opensuse-security-announce/2019-02/msg00016.html

Back to List