CVE-2025-67899

EUVD-2025-203311
uriparser through 0.9.9 allows unbounded recursion and stack consumption, as demonstrated by ParseMustBeSegmentNzNc with large input containing many commas.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
mitreCNA
2.9 LOW
LOCAL
HIGH
NONE
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 2%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
uriparser_projecturiparser
𝑥
≤ 0.9.9
CNA
Debian logo
Debian Releases
Debian Product
Codename
uriparser
bookworm
no-dsa
bullseye
postponed
bullseye (security)
vulnerable
forky
1.0.1+dfsg-1
fixed
sid
1.0.1+dfsg-1
fixed
trixie
no-dsa
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
uriparser
bionic
Fixed 0.8.4-1+deb9u2ubuntu0.1+esm2
released
focal
Fixed 0.9.3-2ubuntu0.1~esm4
released
jammy
Fixed 0.9.6+dfsg-1ubuntu0.1~esm2
released
noble
Fixed 0.9.7+dfsg-2ubuntu0.1~esm2
released
plucky
ignored
questing
needed
resolute
needed
trusty
Fixed 0.7.5-1ubuntu2+esm5
released
xenial
ignored