283 matches found

OSV
added 2025/05/06 12:45 a.m. · 8 views

CVE-2025-46728 cpp-httplib has Unbounded Memory Allocation in Chunked/No-Length Requests

cpp-httplib is a C++ header-only HTTP/HTTPS server and client library. Prior to version 0.20.1, the library fails to enforce configured size limits on incoming request bodies when Transfer-Encoding: chunked is used or when no Content-Length header is provided. A remote attacker can send a chunked...

CVSS 7.5 · AI score 7.4 · EPSS 0.00603
Exploits: 1 · References: 4
Debian CVE
added 2025/05/06 12:45 a.m. · 5 views

CVE-2025-46728

cpp-httplib is a C++ header-only HTTP/HTTPS server and client library. Prior to version 0.20.1, the library fails to enforce configured size limits on incoming request bodies when Transfer-Encoding: chunked is used or when no Content-Length header is provided. A remote attacker can send a chunked...

CVSS 7.5 · AI score 7.4 · EPSS 0.00603
Exploits: 1
CNNVD
added 2025/05/06 12:0 a.m. · 1 view

cpp-httplib Resource Management Error Vulnerability

cpp-httplib is an HTTP/HTTPS server and client library written in C++ by the individual developer yhirose. A resource management error vulnerability exists in cpp-httplib versions prior to 0.20.1, which stems from not enforcing the request body size limit, and could lead to memory exhaustion and ...

CVSS 7.5 · AI score 7.3 · EPSS 0.00603
Exploits: 1 · References: 1
Positive Technologies
added 2025/05/06 12:0 a.m. · 2 views

PT-2025-19817

Name of the Vulnerable Software and Affected Versions cpp-httplib versions prior to 0.20.1 Description cpp-httplib is a C++ header-only HTTP/HTTPS server and client library. The library fails to enforce configured size limits on incoming request bodies when Transfer-Encoding: chunked is used or...

CVSS 7.5 · AI score 7.7 · EPSS 0.00603
Exploits: 1 · References: 34
OSV
added 2025/02/14 12:12 p.m. · 2 views

OESA-2025-1117 cpp-httplib security update

A C++11 single-file header-only cross platform HTTP/HTTPS library. It's extremely easy to setup. Just include httplib.h file in your code! Security Fixes: cpp-httplib version v0.17.3 through v0.18.3 fails to filter CRLF characters "\r\n" when those are prefixed with a null byte. This enables...

CVSS 6.9 · AI score 7 · EPSS 0.00377
Exploits: 1 · References: 2
OSV
added 2025/02/04 3:15 p.m. · 3 views

DEBIAN-CVE-2025-0825

cpp-httplib version v0.17.3 through v0.18.3 fails to filter CRLF characters "\r\n" when those are prefixed with a null byte. This enables attackers to exploit CRLF injection that could further lead to HTTP Response Splitting, XSS, and more...

CVSS 5.3 · AI score 5.3 · EPSS 0.00377
Exploits: 1 · References: 1
OSV
added 2025/02/04 3:15 p.m. · 13 views

CVE-2025-0825

cpp-httplib version v0.17.3 through v0.18.3 fails to filter CRLF characters "\r\n" when those are prefixed with a null byte. This enables attackers to exploit CRLF injection that could further lead to HTTP Response Splitting, XSS, and more...

CVSS 5.3 · AI score 7.1 · EPSS 0.00377
Exploits: 1 · References: 2
NVD
added 2025/02/04 3:15 p.m. · 7 views

CVE-2025-0825

cpp-httplib version v0.17.3 through v0.18.3 fails to filter CRLF characters "\r\n" when those are prefixed with a null byte. This enables attackers to exploit CRLF injection that could further lead to HTTP Response Splitting, XSS, and more...

CVSS 6.9 · EPSS 0.00377
Exploits: 1 · References: 2
OSV
added 2025/02/04 3:15 p.m. · 2 views

UBUNTU-CVE-2025-0825

cpp-httplib version v0.17.3 through v0.18.3 fails to filter CRLF characters "\r\n" when those are prefixed with a null byte. This enables attackers to exploit CRLF injection that could further lead to HTTP Response Splitting, XSS, and more...

CVSS 6.9 · AI score 5.8 · EPSS 0.00377
Exploits: 1 · References: 3
Vulnrichment
added 2025/02/04 2:11 p.m. · 19 views

CVE-2025-0825 CRLF injection in Cpp-httplib

cpp-httplib version v0.17.3 through v0.18.3 fails to filter CRLF characters "\r\n" when those are prefixed with a null byte. This enables attackers to exploit CRLF injection that could further lead to HTTP Response Splitting, XSS, and more...

CVSS 6.9 · AI score 7.4 · EPSS 0.00377
Exploits: 1 · References: 2
Cvelist
added 2025/02/04 2:11 p.m. · 11 views

CVE-2025-0825 CRLF injection in Cpp-httplib

cpp-httplib version v0.17.3 through v0.18.3 fails to filter CRLF characters "\r\n" when those are prefixed with a null byte. This enables attackers to exploit CRLF injection that could further lead to HTTP Response Splitting, XSS, and more...

CVSS 6.9 · EPSS 0.00377
Exploits: 1 · References: 2
CVE
added 2025/02/04 2:11 p.m. · 70 views

CVE-2025-0825

CVE-2025-0825 affects the C++ header-only library cpp-httplib, where versions v0.17.3 through v0.18.3 do not filter CRLF characters when preceded by a null byte. The underlying issue enables CRLF injection, which could lead to HTTP Response Splitting and related risks (e.g., XSS) as described in ...

CVSS 6.9 · AI score 7.2 · EPSS 0.00377
Exploits: 1 · References: 2 · Affected Software: 1
Debian CVE
added 2025/02/04 2:11 p.m. · 6 views

CVE-2025-0825

cpp-httplib version v0.17.3 through v0.18.3 fails to filter CRLF characters "\r\n" when those are prefixed with a null byte. This enables attackers to exploit CRLF injection that could further lead to HTTP Response Splitting, XSS, and more...

CVSS 6.9 · AI score 5.3 · EPSS 0.00377
Exploits: 1
Positive Technologies
added 2025/02/04 12:0 a.m. · 2 views

PT-2025-4064 · Unknown +1 · Cpp-Httplib +1

Name of the Vulnerable Software and Affected Versions: cpp-httplib versions v0.17.3 through v0.18.3 Description: The issue allows attackers to exploit CRLF injection, which could lead to HTTP Response Splitting, XSS, and more, by not filtering CRLF characters "\r\n" when those are prefixed with a null...

CVSS 6.9 · AI score 6 · EPSS 0.00377
Exploits: 1 · References: 15
Positive Technologies
added 2025/01/01 12:0 a.m. · 2 views

PT-2025-49305

Name of the Vulnerable Software and Affected Versions cpp-httplib versions prior to 0.27.0 Description The cpp-httplib library has a flaw where attacker-controlled HTTP headers can influence server metadata, logging, and authorization decisions. An attacker can inject headers such as REMOTE_ADDR,...

CVSS 10 · AI score 7.8 · EPSS 0.00302
Exploits: 2 · References: 31
Positive Technologies
added 2025/01/01 12:0 a.m. · 3 views

PT-2025-49306

Name of the Vulnerable Software and Affected Versions cpp-httplib versions prior to 0.27.0 Description The software is a C++11 single-file header-only cross-platform HTTP/HTTPS library. A flaw exists where attacker-controlled HTTP headers can affect server-visible metadata, logging, and...

CVSS 5.3 · AI score 6.3 · EPSS 0.00236
Exploits: 1 · References: 12
Tenable Nessus
added 2024/05/01 12:0 a.m. · 15 views

Fedora 39 : et (2024-94a155818c)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-94a155818c advisory. Update to 6.2.8, fixing CVE-2022-48257 and CVE-2022-48258 ---- Unbundle cpp-httplib, fixing CVE-2023-26130 Tenable has extracted the preceding...

CVSS 8.8 · AI score 6.4 · EPSS 0.01137
Exploits: 2 · References: 4
Tenable Nessus
added 2024/05/01 12:0 a.m. · 17 views

Fedora 40 : et (2024-b745c97f4b)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-b745c97f4b advisory. Update to 6.2.8, fixing CVE-2022-48257 and CVE-2022-48258 ---- Unbundle cpp-httplib, fixing CVE-2023-26130 Tenable has extracted the preceding...

CVSS 8.8 · AI score 6.4 · EPSS 0.01137
Exploits: 2 · References: 4
OSV
added 2023/06/25 11:5 a.m. · 3 views

OESA-2023-1365 cpp-httplib security update

A C++11 single-file header-only cross platform HTTP/HTTPS library. It's extremely easy to setup. Just include httplib.h file in your code Security Fixes: Versions of the package yhirose/cpp-httplib before 0.12.4 are vulnerable to CRLF Injection when untrusted user input is used to set the...

CVSS 8.8 · AI score 7 · EPSS 0.01137
Exploits: 0 · References: 2
OSV
added 2023/06/25 11:5 a.m. · 3 views

OESA-2023-1364 cpp-httplib security update

A C++11 single-file header-only cross platform HTTP/HTTPS library. It's extremely easy to setup. Just include httplib.h file in your code Security Fixes: Versions of the package yhirose/cpp-httplib before 0.12.4 are vulnerable to CRLF Injection when untrusted user input is used to set the...

CVSS 8.8 · AI score 7 · EPSS 0.01137
Exploits: 0 · References: 2