Описание
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.30.1, a Denial of Service (DoS) vulnerability exists in cpp-httplib due to the unsafe handling of compressed HTTP request bodies (Content-Encoding: gzip, br, etc.). The library validates the payload_max_length against the compressed data size received from the network, but does not limit the size of the decompressed data stored in memory.
A flaw was found in cpp-httplib, a C++ HTTP/HTTPS library. A remote attacker can exploit this vulnerability by sending a specially crafted compressed HTTP request. While the library checks the size of the compressed data, it does not properly limit the size of the data after decompression, leading to excessive memory consumption. This can result in a Denial of Service (DoS), making the affected system unavailable.
Отчет
This vulnerability is rated Important for Red Hat because it can lead to a denial of service in applications utilizing the cpp-httplib library to process compressed HTTP request bodies. The flaw occurs due to the library's failure to limit the size of decompressed data, allowing a small compressed payload to consume excessive memory.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
Дополнительная информация
Статус:
EPSS
7.5 High
CVSS3
Связанные уязвимости
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.30.1, a Denial of Service (DoS) vulnerability exists in cpp-httplib due to the unsafe handling of compressed HTTP request bodies (Content-Encoding: gzip, br, etc.). The library validates the payload_max_length against the compressed data size received from the network, but does not limit the size of the decompressed data stored in memory.
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.30.1, a Denial of Service (DoS) vulnerability exists in cpp-httplib due to the unsafe handling of compressed HTTP request bodies (Content-Encoding: gzip, br, etc.). The library validates the payload_max_length against the compressed data size received from the network, but does not limit the size of the decompressed data stored in memory.
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTT ...
EPSS
7.5 High
CVSS3