uap-core is vulnerable to denial of service. A remote attacker is able to crash the application from excess resource consumption due to overlapping capture groups, by passing malicious values within the User-Agent
header in a HTTP request for parsing.