AVG-2794 log

Issue	Severity	Remote	Type	Description
CVE-2021-46142	Medium	No	Denial of service	uriNormalizeSyntax may free stack memory in out-of-memory situation when handling URIs containing empty segments
CVE-2021-46141	Medium	No	Denial of service	.hostText memory is not properly duped/freed in uriNormalizeSyntax, uriMakeOwner, uriFreeUriMembers for some URIs

Issue

Severity

Remote

Type

Description

Medium

Denial of service

uriNormalizeSyntax may free stack memory in out-of-memory situation when handling URIs containing empty segments

Medium

Denial of service

.hostText memory is not properly duped/freed in uriNormalizeSyntax, uriMakeOwner, uriFreeUriMembers for some URIs

References
https://github.com/uriparser/uriparser/pull/124 https://github.com/uriparser/uriparser/commit/cd6070c92f3bab157139c35ff4841054afaa67ef