git: 0d1194eee10d - main - security/vuxml: Document vulnerabilities in net/uniparser before 0.9.6

From: Thomas Zander <riggs_at_FreeBSD.org>
Date: Sun, 09 Jan 2022 13:37:27 UTC
The branch main has been updated by riggs:

URL: https://cgit.FreeBSD.org/ports/commit/?id=0d1194eee10d5cf02f9b619cdfdd1cec8aa709a4

commit 0d1194eee10d5cf02f9b619cdfdd1cec8aa709a4
Author:     Thomas Zander <riggs@FreeBSD.org>
AuthorDate: 2022-01-09 13:34:01 +0000
Commit:     Thomas Zander <riggs@FreeBSD.org>
CommitDate: 2022-01-09 13:37:24 +0000

    security/vuxml: Document vulnerabilities in net/uniparser before 0.9.6
    
    PR:             261056
    Security:       CVE-2021-46141
                    CVE-2021-46142
---
 security/vuxml/vuln-2022.xml | 41 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)

diff --git a/security/vuxml/vuln-2022.xml b/security/vuxml/vuln-2022.xml
index fb30d1dcd7fc..1af266852b4f 100644
--- a/security/vuxml/vuln-2022.xml
+++ b/security/vuxml/vuln-2022.xml
@@ -1,3 +1,44 @@
+  <vuln vid="b927b654-7146-11ec-ad4b-5404a68ad561">
+    <topic>uriparser -- Multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>uriparser</name>
+	<range><lt>0.9.6</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Upstream project reports:</p>
+	<blockquote cite="https://github.com/uriparser/uriparser/blob/uriparser-0.9.6/ChangeLog">
+	  <p>Fix a bug affecting both uriNormalizeSyntax* and uriMakeOwner*
+	     functions where the text range in .hostText would not be duped using
+	     malloc but remain unchanged (and hence "not owned") for URIs with
+	     an IPv4 or IPv6 address hostname; depending on how an application
+	     uses uriparser, this could lead the application into a use-after-free
+	     situation.
+	     As the second half, fix uriFreeUriMembers* functions that would not
+	     free .hostText memory for URIs with an IPv4 or IPv6 address host;
+	     also, calling uriFreeUriMembers* multiple times on a URI of this
+	     very nature would result in trying to free pointers to stack
+	     (rather than heap) memory.
+	     Fix functions uriNormalizeSyntax* for out-of-memory situations
+	     (i.e. malloc returning NULL) for URIs containing empty segments
+	     (any of user info, host text, query, or fragment) where previously
+	     pointers to stack (rather than heap) memory were freed.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2021-46141</cvename>
+      <cvename>CVE-2021-46142</cvename>
+      <url>https://github.com/uriparser/uriparser/blob/uriparser-0.9.6/ChangeLog</url>
+    </references>
+    <dates>
+      <discovery>2022-01-06</discovery>
+      <entry>2022-01-09</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="d3e023fb-6e88-11ec-b948-080027240888">
     <topic>Django -- multiple vulnerabilities</topic>
     <affects>
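Review bot: The blockquote runs three separate ChangeLog items together in a single `<p>`, so a reader cannot tell where one fix ends and the next begins, or which of the two `<cvename>` entries belongs to which defect. I would split the quote into one item per fix, e.g. `<ul><li>Fix a bug affecting both uriNormalizeSyntax* and uriMakeOwner* …</li><li>As the second half, fix uriFreeUriMembers* …</li><li>Fix functions uriNormalizeSyntax* for out-of-memory situations …</li></ul>`. As far as I recall, CVE-2021-46141 covers the uriFreeUriMembers*/uriMakeOwner* invalid frees and CVE-2021-46142 covers uriNormalizeSyntax*, but that mapping should be confirmed against the CVE records before it is written into the entry. Separately, the commit subject says `net/uniparser` while the entry's `<name>` is `uriparser`, so a log search by port name will miss this commit; the entry itself is the part that matters for package matching, and it looks correct.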