CVE-2026-44927
Undergoing Analysis Undergoing Analysis - In Progress
Pointer Difference Truncation in uriparser

Publication date: 2026-05-08

Last updated on: 2026-05-08

Assigner: MITRE

Description
In uriparser before 1.0.2, there is pointer difference truncation to int in various places.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-08
Last Modified
2026-05-08
Generated
2026-06-19
AI Q&A
2026-05-08
EPSS Evaluated
2026-06-18
NVD
CVE-2026-44927
EUVD
EUVD-2026-28536
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
uriparser uriparser to 1.0.2 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-197 Truncation errors occur when a primitive is cast to a primitive of a smaller size and data is lost in the conversion.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in uriparser before version 1.0.2 involves the truncation of pointer difference values (ptrdiff_t) to a smaller integer type (int) in various parts of the code.

Truncating ptrdiff_t to int can cause loss of data or integer overflow because ptrdiff_t may be larger than int on some systems.

The issue was addressed by modifying multiple functions to correctly handle ptrdiff_t values without truncation, preventing potential errors related to incorrect integer conversions.

Impact Analysis

The vulnerability can lead to incorrect calculations or behavior in the uriparser library due to integer truncation errors.

While the CVSS score is low (2.9) and indicates no confidentiality or availability impact, there is a potential integrity impact, meaning the vulnerability could cause incorrect processing of URI data.

This could result in subtle bugs or unexpected behavior in applications relying on uriparser for URI handling, especially on systems where ptrdiff_t is larger than int.

Detection Guidance

This vulnerability relates to pointer difference truncation in the uriparser library before version 1.0.2. Detection involves identifying if your system or software is using a vulnerable version of uriparser.

You can check the installed version of uriparser on your system using commands like:

  • dpkg -l | grep uriparser # On Debian-based Linux distributions
  • rpm -qa | grep uriparser # On Red Hat-based Linux distributions
  • pkg-config --modversion uriparser # If pkg-config is used for uriparser

If you have source code or binaries that include uriparser, you may also inspect the version or check for the presence of the patched code as described in the pull request.

Mitigation Strategies

The primary mitigation step is to upgrade uriparser to version 1.0.2 or later, where the pointer difference truncation issue has been fixed.

If upgrading immediately is not possible, consider applying the patch from the referenced pull request to your current uriparser source code and rebuilding the library.

Additionally, restrict access to systems using vulnerable versions and monitor for any unusual behavior, although the CVSS score indicates a low severity with limited impact.

Compliance Impact

There is no information provided in the available context or resources that describes how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-44927. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart