Debian Security Advisory

DLA-1682-1 uriparser -- LTS security update

Date Reported:
18 Feb 2019
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2018-20721.
More information:

Joergen Ibsen reported an issue with uriparser, a URI parsing library compliant with RFC 3986.

An Out-of-bounds read for incomplete URIs with IPv6 addresses with embedded IPv4 address, e.g. "//[::44.1", were possible.

For Debian 8 "Jessie", this problem has been fixed in version

We recommend that you upgrade your uriparser packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: