Uriparser Project Uriparser vulnerabilities

9 known vulnerabilities affecting uriparser_project/uriparser.

Total CVEs: 9
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 2, MEDIUM 3, LOW 1

Vulnerabilities

CVE-2025-67899 | LOW | CVSS 2.9 | ≤ 0.9.9 | 2025-12-14
CWE-674: uriparser through 0.9.9 allows unbounded recursion and stack consumption, as demonstrated by ParseMustBeSegmentNzNc with large input containing many commas.
Sources: cvelistv5, nvd
CVE-2024-34402 | HIGH | CVSS 8.6 | ≤ 0.9.7 | 2024-05-03
CWE-190: An issue was discovered in uriparser through 0.9.7. ComposeQueryEngine in UriQuery.c has an integer overflow via long keys or values, with a resultant buffer overflow.
Sources: nvd, osv
CVE-2024-34403 | MEDIUM | CVSS 5.9 | ≤ 0.9.7 | 2024-05-03
CWE-190: An issue was discovered in uriparser through 0.9.7. ComposeQueryMallocExMm in UriQuery.c has an integer overflow via a long string.
Sources: nvd, osv
CVE-2021-46142 | MEDIUM | CVSS 5.5 | fixed in 0.9.6 | 2022-01-06
CWE-416: An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriNormalizeSyntax.
Sources: nvd, osv
CVE-2021-46141 | MEDIUM | CVSS 5.5 | fixed in 0.9.6 | 2022-01-06
CWE-416: An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriFreeUriMembers and uriMakeOwner.
Sources: nvd, osv
CVE-2018-20721 | CRITICAL | CVSS 9.8 | fixed in 0.9.1 | 2019-01-16
CWE-125: URI_FUNC() in UriParse.c in uriparser before 0.9.1 has an out-of-bounds read (in uriParse*Ex* functions) for an incomplete URI with an IPv6 address containing an embedded IPv4 address, such as a "//[::44.1" address.
Sources: nvd, osv
CVE-2018-19198 | CRITICAL | CVSS 9.8 | fixed in 0.9.0 | 2018-11-12
CWE-787: An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an out-of-bounds write via a uriComposeQuery* or uriComposeQueryEx* function because the '&' character is mishandled in certain contexts.
Sources: nvd, osv
CVE-2018-19199 | CRITICAL | CVSS 9.8 | fixed in 0.9.0 | 2018-11-12
CWE-190: An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an integer overflow via a uriComposeQuery* or uriComposeQueryEx* function because of an unchecked multiplication.
Sources: nvd, osv
CVE-2018-19200 | HIGH | CVSS 7.5 | fixed in 0.9.0 | 2018-11-12
CWE-476: An issue was discovered in uriparser before 0.9.0. UriCommon.c allows attempted operations on NULL input via a uriResetUri* function.
Sources: nvd, osv