CVE Vulnerabilities

CVE-2026-42371

Numeric Truncation Error

Published: Apr 27, 2026 | Modified: May 18, 2026
CVSS 3.x
5.1
MEDIUM
Source:
NVD
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x
RedHat/V2
RedHat/V3
4.7 MODERATE
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Ubuntu
MEDIUM
root.io logo minimus.io logo echo.ai logo

uriparser before 1.0.1 has numeric truncation in text range comparison, if an application accepts URIs with a length in gigabytes.

Weakness

Truncation errors occur when a primitive is cast to a primitive of a smaller size and data is lost in the conversion.

Affected Software

NameVendorStart VersionEnd Version
UriparserUriparser_project*1.0.1 (excluding)
Red Hat Hardened ImagesRedHaturiparser-main-1.0.1-1.hum1*
UriparserUbuntudevel*
UriparserUbuntuesm-apps-legacy/xenial*
UriparserUbuntuesm-apps/bionic*
UriparserUbuntuesm-apps/focal*
UriparserUbuntuesm-apps/jammy*
UriparserUbuntuesm-apps/noble*
UriparserUbuntuesm-apps/resolute*
UriparserUbuntuesm-apps/xenial*
UriparserUbuntuesm-infra-legacy/trusty*
UriparserUbuntujammy*
UriparserUbuntunoble*
UriparserUbuntuquesting*
UriparserUbunturesolute*
UriparserUbuntuupstream*

Potential Mitigations

References