Description
Security update for cpp-httplib
This update for cpp-httplib fixes the following issues:
- CVE-2025-53629: header can allocate memory arbitrarily in the server, potentially leading to its exhaustion (bsc#1246471).
- CVE-2025-53628: HTTP header smuggling due to insecure trailers merge (bsc#1246468).
Package list
openSUSE Leap 16.0
cpp-httplib-devel-0.22.0-160000.4.1
libcpp-httplib0_22-0.22.0-160000.4.1
References
- SUSE Security Ratings
- SUSE Bug 1246468
- SUSE Bug 1246471
- SUSE CVE CVE-2025-53628 page
- SUSE CVE CVE-2025-53629 page
Description
cpp-httplib is a C++11 single-file, header-only, cross-platform HTTP/HTTPS library. Prior to 0.20.1, cpp-httplib does not have a limit for a single line, permitting an attacker to exploit this to allocate memory arbitrarily. This vulnerability is fixed in 0.20.1. NOTE: This vulnerability is related to CVE-2025-53629.
Affected products
openSUSE Leap 16.0:cpp-httplib-devel-0.22.0-160000.4.1
openSUSE Leap 16.0:libcpp-httplib0_22-0.22.0-160000.4.1
References
- CVE-2025-53628
- SUSE Bug 1246468
Description
cpp-httplib is a C++11 single-file, header-only, cross-platform HTTP/HTTPS library. Prior to 0.23.0, incoming requests using Transfer-Encoding: chunked in the header can allocate memory arbitrarily in the server, potentially leading to its exhaustion. This vulnerability is fixed in 0.23.0. NOTE: This vulnerability is related to CVE-2025-53628.
Affected products
openSUSE Leap 16.0:cpp-httplib-devel-0.22.0-160000.4.1
openSUSE Leap 16.0:libcpp-httplib0_22-0.22.0-160000.4.1
References
- CVE-2025-53629
- SUSE Bug 1246471