CVE-2025-53629
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-07-10

Last updated on: 2025-08-06

Assigner: GitHub, Inc.

Description
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.23.0, incoming requests using Transfer-Encoding: chunked in the header can allocate memory arbitrarily in the server, potentially leading to its exhaustion. This vulnerability is fixed in 0.23.0. NOTE: This vulnerability is related to CVE-2025-53628.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-07-10
Last Modified
2025-08-06
Generated
2026-05-07
AI Q&A
2025-07-10
EPSS Evaluated
2026-05-05
NVD
CVE-2025-53629
EUVD
EUVD-2025-21055
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
yhirose cpp-httplib to 0.23.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-770 The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in the cpp-httplib library versions prior to 0.23.0. It allows an attacker to send incoming HTTP requests with the header 'Transfer-Encoding: chunked' that can cause the server to allocate memory arbitrarily. This can lead to the server's memory being exhausted.


How can this vulnerability impact me? :

The vulnerability can lead to denial of service by exhausting the server's memory, potentially causing the server to crash or become unresponsive.


What immediate steps should I take to mitigate this vulnerability?

Upgrade cpp-httplib to version 0.23.0 or later, as this version contains the fix for the vulnerability related to arbitrary memory allocation from Transfer-Encoding: chunked headers.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart