EUVD-2025-19196

| CVE-2025-52887 HIGH
2025-06-26 [email protected]
7.5
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Mar 15, 2026 - 23:54 vuln.today
EUVD ID Assigned
Mar 15, 2026 - 23:54 euvd
EUVD-2025-19196
Patch Released
Mar 15, 2026 - 23:54 nvd
Patch available
PoC Detected
Aug 06, 2025 - 19:15 vuln.today
Public exploit code
CVE Published
Jun 26, 2025 - 15:15 nvd
HIGH 7.5

Tags

Denial Of Service Ubuntu Debian Cpp Httplib Redhat Suse

Description

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. In version 0.21.0, when many http headers fields are passed in, the library does not limit the number of headers, and the memory associated with the headers will not be released when the connection is disconnected. This leads to potential exhaustion of system memory and results in a server crash or unresponsiveness. Version 0.22.0 contains a patch for the issue.

Analysis

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. In version 0.21.0, when many http headers fields are passed in, the library does not limit the number of headers, and the memory associated with the headers will not be released when the connection is disconnected. This leads to potential exhaustion of system memory and results in a server crash or unresponsiveness. Version 0.22.0 contains a patch for the issue.

Technical Context

A denial of service vulnerability allows an attacker to disrupt the normal functioning of a system, making it unavailable to legitimate users. This vulnerability is classified as Uncontrolled Resource Consumption (CWE-400).

Affected Products

Affected products: Yhirose Cpp-Httplib 0.21.0

Remediation

A vendor patch is available — apply it immediately. Implement rate limiting and input validation. Use timeout mechanisms for resource-intensive operations. Deploy DDoS protection where applicable.

Priority Score

58
Low Medium High Critical
KEV: 0
EPSS: +0.2
CVSS: +38
POC: +20

Vendor Status

Ubuntu

Priority: Medium
cpp-httplib
Release Status Version
plucky ignored end of life, was needs-triage
jammy needed -
noble needed -
upstream released 0.22.0
oracular ignored end of life, was needs-triage
questing needed -

Debian

cpp-httplib
Release Status Fixed Version Urgency
bookworm fixed 0.11.4+ds-1+deb12u1 -
forky, sid, trixie fixed 0.18.7-1 -
(unstable) not-affected - -

Share

EUVD-2025-19196 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy