advisory: complete affected ranges for GHSA-gmxg-5w57-j63q #7629

Open
miladrezanezhad wants to merge 1 commit into github:miladrezanezhad/advisory-improvement-7629 from miladrezanezhad:main

@miladrezanezhad

This PR completes the missing affected section for the unreviewed advisory GHSA-gmxg-5w57-j63q (CVE-2026-44927).

Changes:

  • Added package name: uriparser
  • Set affected versions: < 1.0.2 (all versions up to 1.0.1)
  • Set patched version: 1.0.2
  • Extended the technical description with details from the fix commit.

Source:

"details": "A numeric truncation error (CWE-197) exists in uriparser versions prior to 1.0.2. The vulnerable code paths incorrectly cast ptrdiff_t (64-bit) to int (32-bit) when calculating buffer sizes, leading to potential integer overflow. This vulnerability was fixed in commit dd98b0f via pull request github#304, which introduced size_t throughout the internal API and added overflow validation at the public API boundaries.",

github-actions bot changed the base branch from main to miladrezanezhad/advisory-improvement-7629 (May 9, 2026 10:12)
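
The truncation pattern the advisory text describes (a 64-bit `ptrdiff_t` narrowed to a 32-bit `int`) next to a checked form, as an added example that is not part of this PR and not uriparser's code. The function names and the sample span are hypothetical, and the demo assumes a platform where `ptrdiff_t` is 64-bit and `int` is 32-bit.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical helper names for illustration; not uriparser's API. */

/* Truncating pattern: a pointer difference narrowed to int. Where ptrdiff_t
 * is 64-bit and int is 32-bit, values above INT_MAX do not survive the cast
 * (the result is implementation-defined; common compilers keep the low
 * 32 bits). */
static int narrow_len(ptrdiff_t span) {
    return (int)span;
}

/* Internal form after hardening: lengths are carried as size_t. */
static int checked_len(ptrdiff_t span, size_t *out) {
    if (span < 0)
        return -1;              /* end pointer lies before start pointer */
    *out = (size_t)span;
    return 0;
}

/* Public boundary that must still report an int: reject any length whose
 * "length + terminator" would not fit, instead of silently wrapping. */
static int chars_required(size_t len, int *out) {
    if (len > (size_t)INT_MAX - 1)
        return -1;
    *out = (int)len + 1;
    return 0;
}

int main(void) {
    /* Constructed value: a span of 4 GiB + 16 bytes (64-bit ptrdiff_t assumed). */
    ptrdiff_t span = (ptrdiff_t)4294967312LL;
    size_t len = 0;
    int needed = 0;

    printf("narrowed length: %d\n", narrow_len(span));
    if (checked_len(span, &len) == 0 && chars_required(len, &needed) != 0)
        printf("checked path: length %zu rejected at the int boundary\n", len);
    return 0;
}
```

A buffer sized from the narrowed value would be far smaller than the span it is meant to hold, which is why the checked path refuses the length rather than reporting a wrapped one.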