Lucene search
+L

290 matches found

Snyk
Snyk
added 2025/05/06 1:43 a.m.7 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the handling of incoming HTTP requests with Transfer-Encoding: chunked or without a Content-Length header. An attacker can cause uncontrolled memory allocation on the server b...

9.2CVSS7AI score0.00603EPSS
Exploits1References2
NVD
NVD
added 2025/05/06 1:15 a.m.15 views

CVE-2025-46728

cpp-httplib is a C++ header-only HTTP/HTTPS server and client library. Prior to version 0.20.1, the library fails to enforce configured size limits on incoming request bodies when Transfer-Encoding: chunked is used or when no Content-Length header is provided. A remote attacker can send a chunked...

7.5CVSS0.00603EPSS
Exploits1References2
OSV
OSV
added 2025/05/06 1:15 a.m.3 views

DEBIAN-CVE-2025-46728

cpp-httplib is a C++ header-only HTTP/HTTPS server and client library. Prior to version 0.20.1, the library fails to enforce configured size limits on incoming request bodies when Transfer-Encoding: chunked is used or when no Content-Length header is provided. A remote attacker can send a chunked...

7.5CVSS7.3AI score0.00603EPSS
Exploits1References1
OSV
OSV
added 2025/05/06 1:15 a.m.3 views

UBUNTU-CVE-2025-46728

cpp-httplib is a C++ header-only HTTP/HTTPS server and client library. Prior to version 0.20.1, the library fails to enforce configured size limits on incoming request bodies when Transfer-Encoding: chunked is used or when no Content-Length header is provided. A remote attacker can send a chunked...

7.5CVSS5.8AI score0.00603EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/05/06 12:45 a.m.47 views

CVE-2025-46728 cpp-httplib has Unbounded Memory Allocation in Chunked/No-Length Requests

cpp-httplib is a C++ header-only HTTP/HTTPS server and client library. Prior to version 0.20.1, the library fails to enforce configured size limits on incoming request bodies when Transfer-Encoding: chunked is used or when no Content-Length header is provided. A remote attacker can send a chunked...

7.5CVSS0.00603EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/05/06 12:45 a.m.13 views

CVE-2025-46728 cpp-httplib has Unbounded Memory Allocation in Chunked/No-Length Requests

cpp-httplib is a C++ header-only HTTP/HTTPS server and client library. Prior to version 0.20.1, the library fails to enforce configured size limits on incoming request bodies when Transfer-Encoding: chunked is used or when no Content-Length header is provided. A remote attacker can send a chunked...

7.5CVSS7AI score0.00603EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2025/05/06 12:45 a.m.66 views

CVE-2025-46728

cpp-httplib is a C++ header-only HTTP/HTTPS server and client library. Prior to version 0.20.1, the library fails to enforce configured size limits on incoming request bodies when Transfer-Encoding: chunked is used or when no Content-Length header is provided. A remote attacker can send a chunked...

7.5CVSS7.4AI score0.00603EPSS
Exploits1
CVE
CVE
added 2025/05/06 12:45 a.m.88 views

CVE-2025-46728

Summary (CVE-2025-46728) : The cpp-httplib library (a header-only C++ HTTP/S library) is vulnerable in versions before 0.20.1 due to failure to enforce size limits on incoming request bodies when using Transfer-Encoding: chunked or when no Content-Length is provided. A remote attacker can send ch...

7.5CVSS7.6AI score0.00603EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2025/05/06 12:45 a.m.11 views

CVE-2025-46728 cpp-httplib has Unbounded Memory Allocation in Chunked/No-Length Requests

cpp-httplib is a C++ header-only HTTP/HTTPS server and client library. Prior to version 0.20.1, the library fails to enforce configured size limits on incoming request bodies when Transfer-Encoding: chunked is used or when no Content-Length header is provided. A remote attacker can send a chunked...

7.5CVSS7.4AI score0.00603EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/05/06 12:0 a.m.4 views

cpp-httplib 资源管理错误漏洞

cpp-httplib is an HTTP/HTTPS server and client library written in C++ by the individual developer yhirose. A resource management error vulnerability exists in cpp-httplib versions prior to 0.20.1, which stems from not enforcing the request body size limit, and could lead to memory exhaustion and ...

7.5CVSS7.3AI score0.00603EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/05/06 12:0 a.m.3 views

PT-2025-19817

Name of the Vulnerable Software and Affected Versions cpp-httplib versions prior to 0.20.1 Description cpp-httplib is a C++ header-only HTTP/HTTPS server and client library. The library fails to enforce configured size limits on incoming request bodies when Transfer-Encoding: chunked is used or...

7.5CVSS7.7AI score0.00603EPSS
Exploits1References34
OSV
OSV
added 2025/02/14 12:12 p.m.5 views

OESA-2025-1117 cpp-httplib security update

A C++11 single-file header-only cross platform HTTP/HTTPS library. It's extremely easy to setup. Just include httplib.h file in your code! Security Fixes: cpp-httplib version v0.17.3 through v0.18.3 fails to filter CRLF characters "\r\n" when those are prefixed with a null byte. This enables...

6.9CVSS7AI score0.00394EPSS
Exploits1References2
OSV
OSV
added 2025/02/04 3:15 p.m.4 views

DEBIAN-CVE-2025-0825

cpp-httplib version v0.17.3 through v0.18.3 fails to filter CRLF characters "\r\n" when those are prefixed with a null byte. This enables attackers to exploit CRLF injection that could further lead to HTTP Response Splitting, XSS, and more...

5.3CVSS5.3AI score0.00394EPSS
Exploits1References1
NVD
NVD
added 2025/02/04 3:15 p.m.10 views

CVE-2025-0825

cpp-httplib version v0.17.3 through v0.18.3 fails to filter CRLF characters "\r\n" when those are prefixed with a null byte. This enables attackers to exploit CRLF injection that could further lead to HTTP Response Splitting, XSS, and more...

6.9CVSS0.00394EPSS
Exploits1References2
OSV
OSV
added 2025/02/04 3:15 p.m.9 views

UBUNTU-CVE-2025-0825

cpp-httplib version v0.17.3 through v0.18.3 fails to filter CRLF characters "\r\n" when those are prefixed with a null byte. This enables attackers to exploit CRLF injection that could further lead to HTTP Response Splitting, XSS, and more...

6.9CVSS5.8AI score0.00394EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/02/04 2:11 p.m.21 views

CVE-2025-0825 CRLF injection in Cpp-httplib

cpp-httplib version v0.17.3 through v0.18.3 fails to filter CRLF characters "\r\n" when those are prefixed with a null byte. This enables attackers to exploit CRLF injection that could further lead to HTTP Response Splitting, XSS, and more...

6.9CVSS7.4AI score0.00394EPSS
Exploits1References2
CVE
CVE
added 2025/02/04 2:11 p.m.75 views

CVE-2025-0825

CVE-2025-0825 affects the C++ header-only library cpp-httplib, where versions v0.17.3 through v0.18.3 do not filter CRLF characters when preceded by a null byte. The underlying issue enables CRLF injection, which could lead to HTTP Response Splitting and related risks (e.g., XSS) as described in ...

6.9CVSS7.2AI score0.00394EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2025/02/04 2:11 p.m.19 views

CVE-2025-0825 CRLF injection in Cpp-httplib

cpp-httplib version v0.17.3 through v0.18.3 fails to filter CRLF characters "\r\n" when those are prefixed with a null byte. This enables attackers to exploit CRLF injection that could further lead to HTTP Response Splitting, XSS, and more...

6.9CVSS0.00394EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2025/02/04 2:11 p.m.11 views

CVE-2025-0825

cpp-httplib version v0.17.3 through v0.18.3 fails to filter CRLF characters "\r\n" when those are prefixed with a null byte. This enables attackers to exploit CRLF injection that could further lead to HTTP Response Splitting, XSS, and more...

6.9CVSS5.3AI score0.00394EPSS
Exploits1
OSV
OSV
added 2025/02/04 2:11 p.m.16 views

CVE-2025-0825 CRLF injection in Cpp-httplib

cpp-httplib version v0.17.3 through v0.18.3 fails to filter CRLF characters "\r\n" when those are prefixed with a null byte. This enables attackers to exploit CRLF injection that could further lead to HTTP Response Splitting, XSS, and more...

6.9CVSS6AI score0.00394EPSS
Exploits1References5
Rows per page
Query Builder