CVE-2019-12160

GoHTTP through 2017-07-25 has a sendHeader use-after-free...

CVE-2025-53007

arduino-esp32 provides an Arduino core for the ESP32. Versions prior to 3.3.0-RC1 and 3.2.1 contain a HTTP Response Splitting vulnerability. The sendHeader function takes arbitrary input for the HTTP header name and value, concatenates them into an HTTP header line, and appends this to the outgoi...

CVE-2025-53007 arduino-esp32 vulnerable to CRLF injection in WebServer.cpp

arduino-esp32 provides an Arduino core for the ESP32. Versions prior to 3.3.0-RC1 and 3.2.1 contain a HTTP Response Splitting vulnerability. The sendHeader function takes arbitrary input for the HTTP header name and value, concatenates them into an HTTP header line, and appends this to the outgoi...

CVE-2025-53007

Arduino-ESP32 (Arduino core for ESP32) prior to 3.3.0-RC1 and 3.2.1 is affected by an HTTP Response Splitting vulnerability in WebServer.cpp: the sendHeader function accepts unvalidated header name/value, enabling CRLF injection to add headers or disrupt the HTTP response. Impact can include head...

Design/Logic Flaw

GoHTTP through 2017-07-25 has a sendHeader use-after-free...

CVE-2019-12160

GoHTTP through 2017-07-25 has a sendHeader use-after-free...

CVE-2019-12160

CVE-2019-12160 affects GoHTTP up to 2017-07-25, with a use-after-free in the sendHeader path. The issue is described consistently across NVD/Red Hat/NVD mirror entries; no exploit details or fixes are provided in the supplied documents. The CVSS data indicates a high to critical impact profile (n...