CVE-2025-53629

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-53629
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.23.0, incoming requests using Transfer-Encoding: chunked in the header can allocate memory arbitrarily in the server, potentially leading to its exhaustion. This vulnerability is fixed in 0.23.0. NOTE: This vulnerability is related to CVE-2025-53628.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/yhirose/cpp-httplib/commit/17ba303889b8d4d719be3879a70639ab653efb99 Patch
https://github.com/yhirose/cpp-httplib/security/advisories/GHSA-j6p8-779x-p5pw Not Applicable
https://github.com/yhirose/cpp-httplib/security/advisories/GHSA-qjmq-h3cc-qv6w Exploit Vendor Advisory
https://github.com/yhirose/cpp-httplib/security/advisories/GHSA-qjmq-h3cc-qv6w Exploit Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:yhirose:cpp-httplib:*:*:*:*:*:*:*:*
History

06 Aug 2025, 18:09

Type Values Removed Values Added
References () https://github.com/yhirose/cpp-httplib/commit/17ba303889b8d4d719be3879a70639ab653efb99 - () https://github.com/yhirose/cpp-httplib/commit/17ba303889b8d4d719be3879a70639ab653efb99 - Patch
References () https://github.com/yhirose/cpp-httplib/security/advisories/GHSA-j6p8-779x-p5pw - () https://github.com/yhirose/cpp-httplib/security/advisories/GHSA-j6p8-779x-p5pw - Not Applicable
References () https://github.com/yhirose/cpp-httplib/security/advisories/GHSA-qjmq-h3cc-qv6w - () https://github.com/yhirose/cpp-httplib/security/advisories/GHSA-qjmq-h3cc-qv6w - Exploit, Vendor Advisory
First Time Yhirose
Yhirose cpp-httplib
CPE cpe:2.3:a:yhirose:cpp-httplib:*:*:*:*:*:*:*:*

15 Jul 2025, 13:14

Type Values Removed Values Added
Summary
  • (es) cpp-httplib es una librería HTTP/HTTPS multiplataforma de un solo archivo de encabezado para C++11. Antes de la versión 0.23.0, las solicitudes entrantes que usaban Transfer-Encoding: fragmentadas en el encabezado podían asignar memoria arbitrariamente en el servidor, lo que podría provocar su agotamiento. Esta vulnerabilidad se corrigió en la versión 0.23.0. NOTA: Esta vulnerabilidad está relacionada con CVE-2025-53628.

10 Jul 2025, 21:15

Type Values Removed Values Added
References () https://github.com/yhirose/cpp-httplib/security/advisories/GHSA-qjmq-h3cc-qv6w - () https://github.com/yhirose/cpp-httplib/security/advisories/GHSA-qjmq-h3cc-qv6w -

10 Jul 2025, 20:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-07-10 20:15

Updated : 2025-08-06 18:09

NVD link : CVE-2025-53629

Mitre link : CVE-2025-53629

CVE.ORG link : CVE-2025-53629

JSON object : View

Products Affected

yhirose

  • cpp-httplib
CWE
CWE-770

Allocation of Resources Without Limits or Throttling