CVE-2025-53629

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.23.0, incoming requests using Transfer-Encoding: chunked in the header can allocate memory arbitrarily in the server, potentially leading to its exhaustion. This vulnerability is fixed in 0.23.0. NOTE: Th...

cpp-httplib 安全漏洞

cpp-httplib is an HTTP/HTTPS server and client library written in C++ by the individual developer yhirose. A security vulnerability exists in cpp-httplib versions prior to 0.23.0, which stems from a Transfer-Encoding: chunked header that could cause the server to run out of memory...

Important: rclone

Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...

Important: runc

Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...

Amazon Linux 2023 : containerd, containerd-stress (ALAS2023-2025-1040)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1040 advisory. The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly...

Amazon Linux 2 : runc (ALASECS-2025-068)

The version of runc installed on the remote host is prior to 1.2.4-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2025-068 advisory. The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF...

Amazon Linux 2 : runc (ALASDOCKER-2025-068)

The version of runc installed on the remote host is prior to 1.2.4-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2DOCKER-2025-068 advisory. The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF...

Amazon Linux 2023 : runc (ALAS2023-2025-1041)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1041 advisory. The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly...

Important: cni-plugins

Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...

Amazon Linux 2023 : cni-plugins (ALAS2023-2025-1012)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1012 advisory. The various Is methods IsPrivate, IsLoopback, etc did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms...

Important: containerd

Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...

Important: cni-plugins

Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...

OESA-2025-1611 cpp-httplib security update

A C++11 single-file header-only cross platform HTTP/HTTPS library. It's extremely easy to setup. Just include httplib.h file in your code! Security Fixes: cpp-httplib is a C++ header-only HTTP/HTTPS server and client library. Prior to version 0.20.1, the library fails to enforce configured size...

Amazon Linux 2023 : oci-add-hooks (ALAS2023-2025-978)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-978 advisory. The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly...

Important: runfinch-finch

Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...

[SECURITY] [DLA 4187-1] varnish security update

Debian LTS Advisory DLA-4187-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany May 28, 2025 https://wiki.debian.org/LTS Package : varnish Version : 6.5.1-1+deb11u5 CVE ID : CVE-2025-47905 A client-side desync vulnerability can be triggered in Varnish, a...

Amazon Linux 2 : nerdctl (ALAS-2025-2863)

The version of nerdctl installed on the remote host is prior to 2.0.5-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2863 advisory. The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a...

Amazon Linux 2 : oci-add-hooks (ALASNITRO-ENCLAVES-2025-061)

The version of oci-add-hooks installed on the remote host is prior to 0-0.3.20200504git325a340. It is, therefore, affected by a vulnerability as referenced in the ALAS2NITRO-ENCLAVES-2025-061 advisory. The net/http package accepted data in the chunked transfer encoding containing an invalid...

Debian dla-4187 : libvarnishapi-dev - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4187 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4187-1 [email protected] https://www.debian.org/lts/security/...

CVE-2020-7659

reel through 0.6.1 allows Request Smuggling attacks due to incorrect Content-Length and Transfer encoding header parsing. It is possible to conduct HTTP request smuggling attacks by sending the Content-Length header twice. Furthermore, invalid Transfer Encoding headers were found to be parsed as...