forked from glynos/cpp-netlib
Closed
Hi.
During some research on the library, I found that a vulnerability in the function boost::network::uri::decode can be used in Denial of Service attacks.
The issue exists when the user passes a few "%" characters in the in_begin argument. It results in an out-of-bounds read from a null pointer.
For example:
```cpp
std::string foo;
boost::network::uri::decode("%%%%%%%%%%%%%%%%", back_inserter(foo));
```

```cpp
if (*it == '%') {
    ++it;  // <= PTR+1
    value_type v0 = detail::letter_to_hex(*it);
    ++it;  // <= PTR+1
    value_type v1 = detail::letter_to_hex(*it);
    ++it;  // <= PTR+1
```
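The excerpt above advances `it` three times per `%` without comparing it to the end of the input. As an added example (not cpp-netlib's code and not the project's fix), a bounds-checked percent-decoder looks like this; `hex_value`, `safe_percent_decode` and `decode_or_empty` are hypothetical names introduced here.

```cpp
#include <iterator>
#include <string>

// Hypothetical helper (not cpp-netlib's API): hex digit -> 0..15, else -1.
static int hex_value(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

// Hypothetical bounds-checked decoder. Every dereference is preceded by an
// `it != end` check, so a truncated or malformed escape is rejected instead
// of moving the iterator past the end of the input.
template <class InputIt, class OutputIt>
bool safe_percent_decode(InputIt it, InputIt end, OutputIt out) {
    while (it != end) {
        if (*it != '%') {            // ordinary character: copy through
            *out++ = *it++;
            continue;
        }
        ++it;                        // step over '%'
        if (it == end) return false; // input ends right after "%"
        int hi = hex_value(*it);
        ++it;
        if (it == end) return false; // input ends after one digit, e.g. "%4"
        int lo = hex_value(*it);
        ++it;
        if (hi < 0 || lo < 0) return false; // "%%", "%zz": not hex digits
        *out++ = static_cast<char>(hi * 16 + lo);
    }
    return true;
}

// Wrapper for callers and checks: returns the decoded string, or an empty
// string with ok == false when the input is rejected.
static std::string decode_or_empty(const std::string& in, bool& ok) {
    std::string out;
    ok = safe_percent_decode(in.begin(), in.end(), std::back_inserter(out));
    if (!ok) out.clear();
    return out;
}
```

Rejecting the whole input on a bad escape is one policy choice; a caller that prefers to pass malformed sequences through unchanged needs the same end-of-range checks.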