CVE-2018-19198 on Ubuntu 16.04 LTS (xenial) - medium.
Description:
An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an out-of-bounds write via a uriComposeQuery* or uriComposeQueryEx* function because the '&' character is mishandled in certain contexts.