Skip to main content

Ubuntu EUVDEUVD-2025-19196

| CVE-2025-52887 HIGH
Uncontrolled Resource Consumption (CWE-400)
2025-06-26 security-advisories@github.com
7.5
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Ubuntu
MEDIUM
qualitative
SUSE
HIGH
qualitative
Red Hat
5.3 MEDIUM
qualitative

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
EUVD ID Assigned
Mar 15, 2026 - 23:54 euvd
EUVD-2025-19196
Analysis Generated
Mar 15, 2026 - 23:54 vuln.today
Patch released
Mar 15, 2026 - 23:54 nvd
Patch available
PoC Detected
Aug 06, 2025 - 19:15 vuln.today
Public exploit code
CVE Published
Jun 26, 2025 - 15:15 nvd
HIGH 7.5

DescriptionGitHub Advisory

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. In version 0.21.0, when many http headers fields are passed in, the library does not limit the number of headers, and the memory associated with the headers will not be released when the connection is disconnected. This leads to potential exhaustion of system memory and results in a server crash or unresponsiveness. Version 0.22.0 contains a patch for the issue.

Analysis

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. In version 0.21.0, when many http headers fields are passed in, the library does not limit the number of headers, and the memory associated with the headers will not be released when the connection is disconnected. This leads to potential exhaustion of system memory and results in a server crash or unresponsiveness. Version 0.22.0 contains a patch for the issue.

Technical ContextAI

A denial of service vulnerability allows an attacker to disrupt the normal functioning of a system, making it unavailable to legitimate users. This vulnerability is classified as Uncontrolled Resource Consumption (CWE-400).

RemediationAI

A vendor patch is available — apply it immediately. Implement rate limiting and input validation. Use timeout mechanisms for resource-intensive operations. Deploy DDoS protection where applicable.

CVE-2025-66570 CRITICAL POC
10.0 Dec 05

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.27.0, a vulnerability allow

CVE-2025-53628 HIGH POC
8.8 Jul 10

CVE-2025-53628 is a memory exhaustion vulnerability in cpp-httplib versions prior to 0.20.1 that allows unauthenticated

CVE-2025-46728 HIGH POC
7.5 May 06

cpp-httplib is a C++ header-only HTTP/HTTPS server and client library. Rated high severity (CVSS 7.5), this vulnerabilit

CVE-2025-53629 HIGH POC
7.5 Jul 10

CVE-2025-53629 is a Denial of Service vulnerability in cpp-httplib versions prior to 0.23.0 that allows unauthenticated

CVE-2026-22776 HIGH POC
7.5 Jan 12

cpp-httplib versions prior to 0.30.1 are vulnerable to denial of service attacks due to insufficient validation of decom

CVE-2026-28435 HIGH POC
7.5 Mar 04

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. [CVSS 7.5 HIGH]

CVE-2026-21428 HIGH POC
7.5 Jan 01

Cpp-Httplib versions up to 0.30.0 contains a vulnerability that allows attackers to add extra headers, modify request bo

CVE-2020-11709 HIGH POC
7.5 Apr 12

cpp-httplib through 0.5.8 does not filter \r\n in parameters passed into the set_redirect and set_header functions, whic

CVE-2026-29076 MEDIUM POC
5.9 Mar 07

Remote denial of service in cpp-httplib prior to version 0.37.0 allows unauthenticated attackers to crash server process

CVE-2025-66577 MEDIUM POC
5.3 Dec 05

A security vulnerability in cpp-httplib (CVSS 5.3) that allows attacker-controlled http headers. Risk factors: public Po

CVE-2026-28434 MEDIUM POC
5.3 Mar 04

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. [CVSS 5.3 MEDIUM]

CVE-2023-26130 HIGH
8.8 May 30

Versions of the package yhirose/cpp-httplib before 0.12.4 are vulnerable to CRLF Injection when untrusted user input is

Vendor StatusVendor

Ubuntu

Priority: Medium
cpp-httplib
Release Status Version
plucky ignored end of life, was needs-triage
jammy needed -
noble needed -
upstream released 0.22.0
oracular ignored end of life, was needs-triage
questing needed -

Debian

cpp-httplib
Release Status Fixed Version Urgency
bookworm fixed 0.11.4+ds-1+deb12u1 -
forky, sid, trixie fixed 0.18.7-1 -
(unstable) not-affected - -

SUSE

Severity: High
Product Status
SUSE Package Hub 15 SP6 Fixed
openSUSE Leap 15.6 Fixed
SUSE Linux Enterprise Server 16.0 Fixed
SUSE Linux Enterprise Server 16.1 Fixed
SUSE Linux Enterprise Server for SAP applications 16.0 Fixed

Share

EUVD-2025-19196 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy