Severity by source
AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
6DescriptionCVE.org
uriparser before 1.0.1 has numeric truncation in text range comparison, if an application accepts URIs with a length in gigabytes.
AnalysisAI
uriparser before 1.0.1 suffers a numeric truncation vulnerability in text range comparison that causes denial of service when processing URIs with gigabyte-scale lengths. The flaw occurs because internal range comparisons truncate large numeric values, allowing maliciously crafted oversized URIs to bypass length validation and trigger memory exhaustion or processing failures. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires three specific conditions: (1) the application must accept and forward untrusted URIs directly to uriparser without independent length validation; (2) the application must not have external limits on URI size (HTTP server limits, network layer restrictions, or application-level input bounds); and (3) the URI must contain a component with a length field exceeding integer overflow thresholds (approximately 2 GB for 32-bit signed integers or 4 GB for unsigned 32-bit). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | CVSS 5.1 with local attack vector (AV:L), high complexity (AC:H), no privileges required, no user interaction, and universal scope (S:U) indicates a low-severity but real denial-of-service risk. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker crafts a malicious URI with a component length field claiming multiple gigabytes (e.g., a crafted query string header asserting 5 GB of data). If a local application or service processes this URI without pre-validating its declared size and passes it directly to uriparser, the library's range comparison overflows, truncating the large integer. … |
| Remediation | Upgrade uriparser to version 1.0.1 or later. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
The EqualsUri function in uriparser before version 1.0.2 incorrectly classifies structurally distinct URIs as equivalent
Pointer difference truncation to signed int in uriparser before version 1.0.2 allows local attackers to cause integer ov
Same weakness CWE-197 – Numeric Truncation Error
View allSame technique Information Disclosure
View allVendor StatusVendor
SUSE
Severity: Medium| Product | Status |
|---|---|
| SUSE Linux Enterprise Module for Package Hub 15 SP7 | Fixed |
| SUSE Linux Enterprise Server 16.0 | Fixed |
| SUSE Linux Enterprise Server 16.1 | Fixed |
| SUSE Linux Enterprise Server for SAP applications 16.0 | Fixed |
| SUSE Linux Enterprise Server for SAP applications 16.1 | Fixed |
| SUSE Linux Enterprise Module for Package Hub 15 SP4 | Fixed |
| SUSE Linux Enterprise Module for Package Hub 15 SP5 | Fixed |
| SUSE Linux Enterprise Module for Package Hub 15 SP6 | Fixed |
| openSUSE Leap 15.3 | Fixed |
| openSUSE Leap 15.4 | Fixed |
| openSUSE Leap 15.5 | Fixed |
| openSUSE Leap 15.6 | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-25776