Security vulnerabilities and automated fixes for uri parsing issues
1 post found
A critical integer overflow vulnerability in `uri.c` allowed attackers to craft malicious URI strings that caused an undersized heap allocation followed by an out-of-bounds `memcpy`, leading to heap corruption. The fix adds mandatory bounds validation before any memory allocation, ensuring the `len + 1` calculation cannot silently wrap around to zero. Left unpatched, this vulnerability could enable remote code execution through carefully crafted URI inputs.