11 matches found
SUSE CVE-2026-45372
cpp-httplib is a C++11 single-file header-only cross-platform HTTP/HTTPS library. Prior to 0.44.0, when cpp-httplib's server parses an incoming request, it applies percent-decoding to every header value except Location and Referer. The validity check `is_field_value` is run before decoding, so encode...
curl: Curl_compareheader() fails to match multi-value HTTP headers
Summary: Curl_compareheader() in lib/http.c fails to scan the full value of HTTP headers for substring matches. Due to an incorrect loop condition, only the first byte position of the header value is checked. This causes curl to miss connection options like close when they appear as non-first tokens ...
GHSA-WCWH-7GFW-5WRR Http4s vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer section
Summary: http4s is vulnerable to HTTP Request Smuggling due to improper handling of the HTTP trailer section. This vulnerability could enable attackers to: bypass front-end servers' security controls, launch targeted attacks against active users, and poison web caches. Pre-requisites for the exploitatio...
BIT-LIBPYTHON-2023-27043
The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is...
CLSA-2025-1749569869 libsoup: Fix of 3 CVEs
CVE-2025-46420: fix memory leaks in soup_header_parse_quality_list - CVE-2025-32050: fix using int instead of size_t for the strcspn return value to avoid a buffer under-read - CVE-2025-32052: fix heap buffer overflow in soup_content_sniffer_sniff...
Security update for etcd
This update for etcd fixes the following issues: Update to version 3.5.21: CVE-2025-30204: Fixed a bug that could allow excessive memory allocation during header parsing in jwt-go (bsc#1240515). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...
CVE-2024-20877
Heap out-of-bounds write vulnerability in parsing grid image header in libsavscmn.so prior to SMR Jun-2024 Release 1 allows local attackers to execute arbitrary code...
nodejs: HTTP request smuggling due to CR-to-Hyphen conversion
A flaw was found in Node.js, where affected Node.js versions converted carriage returns in HTTP request headers to a hyphen before parsing. This flaw leads to HTTP Request Smuggling as it is a non-standard interpretation of the header. The highest threat from this vulnerability is to...
squid: parsing of header Proxy-Authentication leads to memory corruption
An issue was discovered in Squid 3.3.9 through 3.5.28 and 4.x through 4.7. When Squid is configured to use Digest authentication, it parses the header Proxy-Authorization. It searches for certain tokens such as domain, uri, and qop. Squid checks if this token's value starts with a quote and ends...
rpm: crashes and overflows on malformed header
RPM 4.4.x through 4.9.x, probably before 4.9.1.2, allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via an rpm package with crafted headers and offsets that are not properly handled when a package is queried or installed, related to (1) the...
Critical: Red Hat Security Advisory: fetchmail security update
Updated Fetchmail packages are available for Red Hat Linux Advanced Server which close a remotely exploitable vulnerability in unpatched versions of Fetchmail prior to 6.2.0. Updated 06 Feb 2003: Added fixed packages for Advanced Workstation. Fetchmail is a remote mail retrieval and forwarding...