Total
5 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-52887 | 1 Yhirose | 1 Cpp-httplib | 2025-08-06 | N/A | 7.5 HIGH |
| cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. In version 0.21.0, when many http headers fields are passed in, the library does not limit the number of headers, and the memory associated with the headers will not be released when the connection is disconnected. This leads to potential exhaustion of system memory and results in a server crash or unresponsiveness. Version 0.22.0 contains a patch for the issue. | |||||
| CVE-2025-53629 | 1 Yhirose | 1 Cpp-httplib | 2025-08-06 | N/A | 7.5 HIGH |
| cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.23.0, incoming requests using Transfer-Encoding: chunked in the header can allocate memory arbitrarily in the server, potentially leading to its exhaustion. This vulnerability is fixed in 0.23.0. NOTE: This vulnerability is related to CVE-2025-53628. | |||||
| CVE-2025-53628 | 1 Yhirose | 1 Cpp-httplib | 2025-08-06 | N/A | 8.8 HIGH |
| cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.20.1, cpp-httplib does not have a limit for a unique line, permitting an attacker to explore this to allocate memory arbitrarily. This vulnerability is fixed in 0.20.1. NOTE: This vulnerability is related to CVE-2025-53629. | |||||
| CVE-2020-11709 | 1 Yhirose | 1 Cpp-httplib | 2025-08-05 | 5.0 MEDIUM | 7.5 HIGH |
| cpp-httplib through 0.5.8 does not filter \r\n in parameters passed into the set_redirect and set_header functions, which creates possibilities for CRLF injection and HTTP response splitting in some specific contexts. | |||||
| CVE-2025-0825 | 1 Yhirose | 1 Cpp-httplib | 2025-08-04 | N/A | 5.3 MEDIUM |
| cpp-httplib version v0.17.3 through v0.18.3 fails to filter CRLF characters ("\r\n") when those are prefixed with a null byte. This enables attackers to exploit CRLF injection that could further lead to HTTP Response Splitting, XSS, and more. | |||||