
283 matches found

UbuntuCve
added 2026/03/04 8:16 p.m., 4 views

CVE-2026-28434

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.35.0, when a request handler throws a C++ exception and the application has not registered a custom exception handler via set_exception_handler, the library catches the exception and writes its message...

5.3 CVSS, 5.7 AI score, 0.003 EPSS
Exploits 1, References 3
ATTACKERKB
added 2026/03/04 7:36 p.m., 8 views

CVE-2026-28435

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.35.0, cpp-httplib httplib.h does not enforce Server::set_payload_max_length on the decompressed request body when using HandlerWithContentReader streaming ContentReader with Content-Encoding: gzip or other...

7.5 CVSS, 5.7 AI score, 0.00418 EPSS
Exploits 1, References 3, Affected Software 1
Cvelist
added 2026/03/04 7:36 p.m., 28 views

CVE-2026-28435 Payload size limit bypass via gzip decompression in ContentReader (streaming) allows oversized request bodies in cpp-httplib

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.35.0, cpp-httplib httplib.h does not enforce Server::set_payload_max_length on the decompressed request body when using HandlerWithContentReader streaming ContentReader with Content-Encoding: gzip or other...

7.5 CVSS, 0.00418 EPSS
Exploits 1, References 2
Vulnrichment
added 2026/03/04 7:36 p.m., 7 views

CVE-2026-28435 Payload size limit bypass via gzip decompression in ContentReader (streaming) allows oversized request bodies in cpp-httplib

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.35.0, cpp-httplib httplib.h does not enforce Server::set_payload_max_length on the decompressed request body when using HandlerWithContentReader streaming ContentReader with Content-Encoding: gzip or other...

7.5 CVSS, 5.7 AI score, 0.00418 EPSS
Exploits 1, References 2
CVE
added 2026/03/04 7:36 p.m., 33 views

CVE-2026-28435

CVE-2026-28435 affects the cpp-httplib single-file header-only library. Before 0.35.0, the library does not enforce a payload max length on decompressed request bodies when using HandlerWithContentReader with Content-Encoding: gzip (or other encodings). A small compressed payload can expand beyon...

7.5 CVSS, 5.7 AI score, 0.00418 EPSS
Exploits 1, References 2, Affected Software 1
Debian CVE
added 2026/03/04 7:36 p.m., 4 views

CVE-2026-28435

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.35.0, cpp-httplib httplib.h does not enforce Server::set_payload_max_length on the decompressed request body when using HandlerWithContentReader streaming ContentReader with Content-Encoding: gzip or other...

7.5 CVSS, 5.2 AI score, 0.00418 EPSS
Exploits 1
Cvelist
added 2026/03/04 7:34 p.m., 27 views

CVE-2026-28434 cpp-httplib's default exception handler leaks e.what() to clients via EXCEPTION_WHAT response header

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.35.0, when a request handler throws a C++ exception and the application has not registered a custom exception handler via set_exception_handler, the library catches the exception and writes its message...

5.3 CVSS, 0.003 EPSS
Exploits 1, References 2
Vulnrichment
added 2026/03/04 7:34 p.m., 4 views

CVE-2026-28434 cpp-httplib's default exception handler leaks e.what() to clients via EXCEPTION_WHAT response header

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.35.0, when a request handler throws a C++ exception and the application has not registered a custom exception handler via set_exception_handler, the library catches the exception and writes its message...

5.3 CVSS, 5.7 AI score, 0.003 EPSS
Exploits 1, References 2
CVE
added 2026/03/04 7:34 p.m., 15 views

CVE-2026-28434

The CVE affects cpp-httplib (C++11 single-file header-only library). Before 0.35.0, if a request handler throws an exception and no custom exception handler is registered via set_exception_handler(), the library writes the exception message into the HTTP response header EXCEPTION_WHAT and sends i...

5.3 CVSS, 5.7 AI score, 0.003 EPSS
Exploits 1, References 2, Affected Software 1
Debian CVE
added 2026/03/04 7:34 p.m., 5 views

CVE-2026-28434

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.35.0, when a request handler throws a C++ exception and the application has not registered a custom exception handler via set_exception_handler, the library catches the exception and writes its message...

5.3 CVSS, 5.3 AI score, 0.003 EPSS
Exploits 1
OSV
added 2026/03/04 7:34 p.m., 5 views

CVE-2026-28434 cpp-httplib's default exception handler leaks e.what() to clients via EXCEPTION_WHAT response header

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.35.0, when a request handler throws a C++ exception and the application has not registered a custom exception handler via set_exception_handler, the library catches the exception and writes its message...

5.3 CVSS, 5.7 AI score, 0.003 EPSS
Exploits 1, References 4
CNNVD
added 2026/03/04 12:0 a.m., 3 views

cpp-httplib security vulnerability

cpp-httplib is a C++ library developed by Yhirose, which includes HTTP/HTTPS server and client components. Versions of cpp-httplib prior to 0.35.0 contained security vulnerabilities. These vulnerabilities stemmed from the lack of enforcement of payload size restrictions on decompressed request...

7.5 CVSS, 5.8 AI score, 0.00418 EPSS
Exploits 1, References 2
Positive Technologies
added 2026/03/04 12:0 a.m., 4 views

PT-2026-23046

Name of the Vulnerable Software and Affected Versions: cpp-httplib versions prior to 0.35.0. Description: cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Before version 0.35.0, the library does not enforce the payload size limit configured via Server::set payload ma...

8.7 CVSS, 5.7 AI score, 0.00602 EPSS
Exploits 6, References 30
OSV
added 2026/03/02 10:20 a.m., 2 views

OPENSUSE-SU-2026:20295-1 Security update for cpp-httplib

This update for cpp-httplib fixes the following issues: - CVE-2025-53629: header can allocate memory arbitrarily in the server, potentially leading to its exhaustion bsc1246471. - CVE-2025-53628: HTTP header smuggling due to insecure trailers merge bsc1246468...

8.8 CVSS, 5.8 AI score, 0.00505 EPSS
Exploits 2, References 4
OSV
added 2026/03/02 10:16 a.m., 1 views

SUSE-SU-2026:20600-1 Security update for cpp-httplib

This update for cpp-httplib fixes the following issues: - CVE-2025-53629: header can allocate memory arbitrarily in the server, potentially leading to its exhaustion bsc1246471. - CVE-2025-53628: HTTP header smuggling due to insecure trailers merge bsc1246468...

8.8 CVSS, 5.8 AI score, 0.00505 EPSS
Exploits 2, References 5
Fedora
added 2026/01/22 1:8 a.m., 6 views

[SECURITY] Fedora 43 Update: cpp-httplib-0.30.1-5.fc43

A C++11 single-file header-only cross platform HTTP/HTTPS library. It's extremely easy to setup. Just include the httplib.h file in your code!...

10 CVSS, 7.1 AI score, 0.00505 EPSS
Exploits 5
Tenable Nessus
added 2026/01/22 12:0 a.m., 3 views

Fedora 43 : cpp-httplib (2026-e50e41fcea)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-e50e41fcea advisory. Update to 0.30.1 - Denial of service DOS using zip bomb CVE-2026-22776 - CRLF injection in http headers CVE-2026-21428 - Untrusted HTTP Header...

10 CVSS, 5.7 AI score, 0.00372 EPSS
Exploits 4, References 5
OpenVAS
added 2026/01/22 12:0 a.m., 3 views

SUSE: Security Advisory (SUSE-SU-2026:20090-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10 CVSS, 7.3 AI score, 0.00302 EPSS
Exploits 2, References 5
Tenable Nessus
added 2026/01/22 12:0 a.m., 4 views

Fedora 42 : cpp-httplib (2026-3b0e5b457d)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-3b0e5b457d advisory. Update to 0.30.1 - Denial of service DOS using zip bomb CVE-2026-22776 - CRLF injection in http headers CVE-2026-21428 - Untrusted HTTP Header...

10 CVSS, 5.7 AI score, 0.00603 EPSS
Exploits 6, References 7
Tenable Nessus
added 2026/01/21 12:0 a.m., 2 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : cpp-httplib vulnerability (USN-7962-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-7962-1 advisory. It was discovered that cpp-httplib did not correctly handle HTTP headers. A remote attacker could possibly use this issue to bypass...

10 CVSS, 5.7 AI score, 0.00302 EPSS
Exploits 1, References 2