{"schema_version":"1.7.2","id":"OESA-2025-1610","modified":"2025-06-06T14:04:23Z","published":"2025-06-06T14:04:23Z","upstream":["CVE-2025-46728"],"summary":"cpp-httplib security update","details":"A C++11 single-file header-only cross platform HTTP/HTTPS library. It\u0026amp;apos;s extremely easy to setup. Just include httplib.h file in your code!\r\n\r\nSecurity Fix(es):\n\ncpp-httplib is a C++ header-only HTTP/HTTPS server and client library. Prior to version 0.20.1, the library fails to enforce configured size limits on incoming request bodies when `Transfer-Encoding: chunked` is used or when no `Content-Length` header is provided. A remote attacker can send a chunked request without the terminating zero-length chunk, causing uncontrolled memory allocation on the server. This leads to potential exhaustion of system memory and results in a server crash or unresponsiveness. Version 0.20.1 fixes the issue by enforcing limits during parsing. If the limit is exceeded at any point during reading, the connection is terminated immediately. A short-term workaround through a Reverse Proxy is available. If updating the library immediately is not feasible, deploy a reverse proxy (e.g., Nginx, HAProxy) in front of the `cpp-httplib` application. Configure the proxy to enforce maximum request body size limits, thereby stopping excessively large requests before they reach the vulnerable library code.(CVE-2025-46728)","affected":[{"package":{"ecosystem":"openEuler:22.03-LTS-SP4","name":"cpp-httplib","purl":"pkg:rpm/openEuler/cpp-httplib\u0026distro=openEuler-22.03-LTS-SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.12.4-4.oe2203sp4"}]}],"ecosystem_specific":{"aarch64":["cpp-httplib-0.12.4-4.oe2203sp4.aarch64.rpm"],"src":["cpp-httplib-0.12.4-4.oe2203sp4.src.rpm"],"x86_64":["cpp-httplib-0.12.4-4.oe2203sp4.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1610"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-46728"}],"database_specific":{"severity":"High"}}