CVE-2025-67899

Name: CVE-2025-67899
Description: uriparser through 0.9.9 allows unbounded recursion and stack consumption, as demonstrated by ParseMustBeSegmentNzNc with large input containing many commas.
NVD Severity: low

References

| Type | URI |
|---|---|
| cve@mitre.org | https://github.com/uriparser/uriparser/issues/282 |
| cve@mitre.org | https://github.com/uriparser/uriparser/pull/284 |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2025/12/15/1 |

Match rules

| CPE URI | Source package | Min version | Max version |
|---|---|---|---|
| | uriparser | >= 0 | <= 0.9.9 |

Vulnerable and fixed packages

| Source package | Branch | Version | Maintainer | Status |
|---|---|---|---|---|
| uriparser | edge-community | 0.9.9-r0 | Achill Gilgenast <achill@achill.org> | possibly vulnerable |
| uriparser | edge-community | 0.9.8-r2 | Achill Gilgenast <achill@achill.org> | possibly vulnerable |
| uriparser | edge-community | 0.9.8-r1 | fossdd <fossdd@pwned.life> | possibly vulnerable |
| uriparser | edge-community | 0.9.8-r0 | fossdd <fossdd@pwned.life> | possibly vulnerable |
| uriparser | edge-community | 0.9.6-r0 | Fabian Affolter <fabian@affolter-engineering.ch> | possibly vulnerable |
| uriparser | 3.23-community | 0.9.9-r0 | Achill Gilgenast <achill@achill.org> | possibly vulnerable |
| uriparser | 3.22-community | 0.9.8-r1 | fossdd <fossdd@pwned.life> | possibly vulnerable |
| uriparser | 3.22-community | 0.9.8-r0 | fossdd <fossdd@pwned.life> | possibly vulnerable |
| uriparser | 3.22-community | 0.9.6-r0 | None | possibly vulnerable |