A flaw was found in uriparser before version 0.9.1. An Out-of-bounds read in uriParse*Ex* for incomplete URIs with IPv6 addresses with embedded IPv4 address, e.g. "//[::44.1"; mitigated if passed parameter <afterLast> points to readable memory containing a '\0' byte. References: https://github.com/uriparser/uriparser/blob/uriparser-0.9.1/ChangeLog#L9 Upstream Patch: https://github.com/uriparser/uriparser/commit/cef25028de5ff872c2e1f0a6c562eb3ea9ecbce4
Created mingw-uriparser tracking bugs for this issue: Affects: fedora-all [bug 1666026] Created uriparser tracking bugs for this issue: Affects: fedora-all [bug 1666025]
Statement: This issue affects the versions of uriparser as shipped with Red Hat Enterprise Linux 7.