uriparser
cpe:2.3:a:uriparser_project:uriparser:*:*:*:*:*:*:*
- <= 0.9.9
A denial-of-service vulnerability has been identified in uriparser versions through 0.9.9. The issue arises from unbounded recursion in the URI parsing function 'ParseMustBeSegmentNzNc', which can lead to stack overflow and application crashes. This vulnerability can be exploited by providing a URI input that contains a large number of commas, causing the parser to enter a recursive loop that exhausts the stack.
Exploitation of this vulnerability causes a stack overflow, leading to a crash of the application that uses uriparser for URI parsing.
The vulnerability can be reproduced by using uriparser version 0.9.9 and compiling it with Visual Studio 2022. The issue occurs when the parser is fed a URI string with excessive commas, which triggers the unbounded recursion in the 'ParseMustBeSegmentNzNc' function.
Users can update to uriparser version 0.9.10, which includes a fix for this vulnerability by addressing the recursion issue in the parser.
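The failure mode described above, shown as an added example that is not uriparser's source code: a constructed toy segment scanner written once recursively and once as a loop, with the recursion depth measured so the linear growth with input length is visible. All function names, the simplified character set and the 4096-byte sample buffer are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed model, NOT uriparser source. Simplified set of characters a
   path segment may contain; ',' is one of them. */
static int is_segment_char(char c) {
    return c != '\0' && (strchr("-._~!$&'()*+,;=@", c) != NULL ||
           (c >= '0' && c <= '9') || (c >= 'a' && c <= 'z') ||
           (c >= 'A' && c <= 'Z'));
}

/* Recursive form: one self-call per accepted character. *max_depth records
   the deepest nesting, i.e. the stack frames needed when the compiler does
   not turn the self-call into a loop. */
static const char *scan_recursive(const char *first, const char *after_last,
                                  size_t depth, size_t *max_depth) {
    if (depth > *max_depth) *max_depth = depth;
    if (first >= after_last || !is_segment_char(*first)) return first;
    return scan_recursive(first + 1, after_last, depth + 1, max_depth);
}

/* Iterative form: same stop position, constant stack use for any length. */
static const char *scan_iterative(const char *first, const char *after_last) {
    while (first < after_last && is_segment_char(*first)) first++;
    return first;
}

/* Hypothetical helpers: scan n commas (clamped to a small buffer so the
   recursive model itself stays safe to run) and report depth or progress. */
static char sample[4096];

size_t recursive_depth(size_t n) {
    size_t max_depth = 0;
    if (n > sizeof sample) n = sizeof sample;
    memset(sample, ',', n);
    scan_recursive(sample, sample + n, 0, &max_depth);
    return max_depth;
}

size_t iterative_consumed(size_t n) {
    if (n > sizeof sample) n = sizeof sample;
    memset(sample, ',', n);
    return (size_t)(scan_iterative(sample, sample + n) - sample);
}

int main(void) {
    printf("depth=%zu consumed=%zu\n", recursive_depth(1000), iterative_consumed(1000));
    return 0;
}
```

Until the fixed release is deployed, a length cap applied to URI strings before they reach the parser bounds the depth the recursive form can reach.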