CVE-2025-53629

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2025-53629
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-53629.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-53629
Downstream
Related
  • GHSA-j6p8-779x-p5pw
  • GHSA-qjmq-h3cc-qv6w
Published
2025-07-10T20:15:27Z
Modified
2025-07-11T12:50:28.343753Z
Summary
[none]
Details

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.23.0, incoming requests using Transfer-Encoding: chunked in the header can allocate memory arbitrarily in the server, potentially leading to its exhaustion. This vulnerability is fixed in 0.23.0. NOTE: This vulnerability is related to CVE-2025-53628.

References

Affected packages

Debian:12 / cpp-httplib

Package

Name
cpp-httplib
Purl
pkg:deb/debian/cpp-httplib?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.11.4+ds-1
0.11.4+ds-1+deb12u1
0.11.4+ds-2
0.11.4+ds-3
0.13.1+ds-1
0.14.0+ds-1
0.14.1+ds-1
0.14.1+ds-2
0.14.2+ds-1
0.14.3+ds-1
0.14.3+ds-1.1~exp1
0.14.3+ds-1.1
0.15.3+ds-1
0.15.3+ds-2
0.15.3+ds-3
0.16.0+ds-1
0.16.3+ds-1
0.16.3+ds-2
0.18.0+ds-1
0.18.7-1
0.20.1+ds-3

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:13 / cpp-httplib

Package

Name
cpp-httplib
Purl
pkg:deb/debian/cpp-httplib?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.11.4+ds-1
0.11.4+ds-2
0.11.4+ds-3
0.13.1+ds-1
0.14.0+ds-1
0.14.1+ds-1
0.14.1+ds-2
0.14.2+ds-1
0.14.3+ds-1
0.14.3+ds-1.1~exp1
0.14.3+ds-1.1
0.15.3+ds-1
0.15.3+ds-2
0.15.3+ds-3
0.16.0+ds-1
0.16.3+ds-1
0.16.3+ds-2
0.18.0+ds-1
0.18.7-1
0.20.1+ds-3

Ecosystem specific 

{
    "urgency": "not yet assigned"
}