CVE-2025-53629

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.23.0, incoming requests using Transfer-Encoding: chunked in the header can allocate memory arbitrarily in the server, potentially leading to its exhaustion. This vulnerability is fixed in 0.23.0. NOTE: This vulnerability is related to CVE-2025-53628.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/yhirose/cpp-httplib/commit/17ba303889b8d4d719be3879a70639ab653efb99
https://github.com/yhirose/cpp-httplib/security/advisories/GHSA-j6p8-779x-p5pw
https://github.com/yhirose/cpp-httplib/security/advisories/GHSA-qjmq-h3cc-qv6w
https://github.com/yhirose/cpp-httplib/security/advisories/GHSA-qjmq-h3cc-qv6w

Configurations

No configuration.

History

15 Jul 2025, 13:14

Type	Values Removed	Values Added
Summary		(es) cpp-httplib es una librería HTTP/HTTPS multiplataforma de un solo archivo de encabezado para C++11. Antes de la versión 0.23.0, las solicitudes entrantes que usaban Transfer-Encoding: fragmentadas en el encabezado podían asignar memoria arbitrariamente en el servidor, lo que podría provocar su agotamiento. Esta vulnerabilidad se corrigió en la versión 0.23.0. NOTA: Esta vulnerabilidad está relacionada con CVE-2025-53628.

10 Jul 2025, 21:15

Type	Values Removed	Values Added
References	~~() https://github.com/yhirose/cpp-httplib/security/advisories/GHSA-qjmq-h3cc-qv6w -~~	() https://github.com/yhirose/cpp-httplib/security/advisories/GHSA-qjmq-h3cc-qv6w -

10 Jul 2025, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-10 20:15

Updated : 2025-07-15 13:14

NVD link : CVE-2025-53629

Mitre link : CVE-2025-53629

CVE.ORG link : CVE-2025-53629

JSON object : View

Products Affected

No product.

CWE

CWE-770

Allocation of Resources Without Limits or Throttling

7.5 /10