CVE-2021-46142

CVE	CVE-2021-46142
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2022-01-06 04:15:00 UTC
Updated	2023-11-07 03:39:00 UTC
Description	An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriNormalizeSyntax.

Problem Types: CWE-416

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Debian	Debian Linux	10.0	All	All	All
Operating System	Debian	Debian Linux	11.0	All	All	All
Operating System	Debian	Debian Linux	9.0	All	All	All
Application	Fedoraproject	Extra Packages For Enterprise Linux	8.0	All	All	All
Operating System	Fedoraproject	Fedora	34	All	All	All
Operating System	Fedoraproject	Fedora	35	All	All	All
Operating System	Opensuse	Backports	sle-15	All	All	All
Application	Opensuse	Factory	-	All	All	All
Operating System	Opensuse	Leap	15.3	All	All	All
Application	Uriparser Project	Uriparser	All	All	All	All

Reference	Source	Link	Tags
[SECURITY] Fedora 34 Update: uriparser-0.9.6-1.fc34 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
Debian -- Security Information -- DSA-5063-1 uriparser	DEBIAN	www.debian.org
Fix memory handling of uriNormalizeSyntax, uriMakeOwner and uriNormalizeSyntax* (fixes #121, fixes #122) by hartwork · Pull Request #124 · uriparser/uriparser · GitHub	MISC	github.com
Hartwork Blog · uriparser 0.9.6 with security fixes released	CONFIRM	blog.hartwork.org
[SECURITY] Fedora 35 Update: uriparser-0.9.6-1.fc35 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
uriNormalizeSyntax* may free stack memory in out-of-memory situation when handling URIs containing empty segments · Issue #122 · uriparser/uriparser · GitHub	MISC	github.com
[SECURITY] Fedora 35 Update: uriparser-0.9.6-1.fc35 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
[SECURITY] Fedora 34 Update: uriparser-0.9.6-1.fc34 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

179009 Debian Security Update for uriparser (DLA 2883-1)
179033 Debian Security Update for uriparser (DSA 5063-1)
182855 Debian Security Update for uriparser (CVE-2021-46142)
198855 Ubuntu Security Notification for uriparser Vulnerabilities (USN-5256-1)
282247 Fedora Security Update for mingw (FEDORA-2022-cfd0048127)
282248 Fedora Security Update for mingw (FEDORA-2022-00a529a8bf)
356775 Amazon Linux Security Advisory for uriparser : ALAS2-2023-2368
502193 Alpine Linux Security Update for uriparser
690766 Free Berkeley Software Distribution (FreeBSD) Security Update for uriparser (b927b654-7146-11ec-ad4b-5404a68ad561)