Описание
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. In version 0.21.0, when many http headers fields are passed in, the library does not limit the number of headers, and the memory associated with the headers will not be released when the connection is disconnected. This leads to potential exhaustion of system memory and results in a server crash or unresponsiveness. Version 0.22.0 contains a patch for the issue.
A denial-of-service vulnerability, stemming from memory exhaustion, has been identified in the cpp-httplib C++ HTTP/HTTPS library. This flaw is a result of the library's insufficient limits on the processing of HTTP headers. A remote attacker could exploit this by sending specially crafted HTTP requests with overly large or numerous headers, causing excessive memory consumption and ultimately leading to a program crash. This impacts the availability and stability of applications using cpp-httplib.
Отчет
On Red Hat systems, any memory exhaustion will lead to the host operating system killing the offending program. The host system will continue operation.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Дополнительная информация
Статус:
EPSS
5.3 Medium
CVSS3
Связанные уязвимости
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. In version 0.21.0, when many http headers fields are passed in, the library does not limit the number of headers, and the memory associated with the headers will not be released when the connection is disconnected. This leads to potential exhaustion of system memory and results in a server crash or unresponsiveness. Version 0.22.0 contains a patch for the issue.
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. In version 0.21.0, when many http headers fields are passed in, the library does not limit the number of headers, and the memory associated with the headers will not be released when the connection is disconnected. This leads to potential exhaustion of system memory and results in a server crash or unresponsiveness. Version 0.22.0 contains a patch for the issue.
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTT ...
Уязвимость функции read_headers() библиотеки cpp-httplib, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
5.3 Medium
CVSS3