2422120 – (CVE-2025-67899) CVE-2025-67899 uriparser: uriparser: Unbounded recursion and stack consumption via large input

Bug 2422120 (CVE-2025-67899) - CVE-2025-67899 uriparser: uriparser: Unbounded recursion and stack consumption via large input

Summary: CVE-2025-67899 uriparser: uriparser: Unbounded recursion and stack consumptio...

Keywords:
Status:	NEW
Alias:	CVE-2025-67899
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2423023 2423024 2423025 2423026 2423027
Blocks:
TreeView+	depends on / blocked

Reported:	2025-12-14 23:01 UTC by OSIDB Bzimport
Modified:	2025-12-17 06:45 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-12-14 23:01:29 UTC

uriparser through 0.9.9 allows unbounded recursion and stack consumption, as demonstrated by ParseMustBeSegmentNzNc with large input containing many commas.

Note You need to log in before you can comment on or make changes to this bug.