Fluid Attacks Database

Description

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.20.1, cpp-httplib does not have a limit for a unique line, permitting an attacker to explore this to allocate memory arbitrarily. This vulnerability is fixed in 0.20.1. NOTE: This vulnerability is related to CVE-2025-53629.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	cpp-httplib	=0.11.4+ds-1 \|\| =0.11.4+ds-1+deb12u1 \|\| =0.11.4+ds-2 \|\| =0.11.4+ds-3 \|\| =0.13.1+ds-1 \|\| =0.14.0+ds-1 \|\| =0.14.1+ds-1 \|\| =0.14.1+ds-2 \|\| =0.14.2+ds-1 \|\| =0.14.3+ds-1 \|\| =0.14.3+ds-1.1 \|\| =0.14.3+ds-1.1~exp1 \|\| =0.15.3+ds-1 \|\| =0.15.3+ds-2 \|\| =0.15.3+ds-3 \|\| =0.16.0+ds-1 \|\| =0.16.3+ds-1 \|\| =0.16.3+ds-2 \|\| =0.18.0+ds-1 \|\| =0.18.7-1 \|\| =0.20.1+ds-3 \|\| =0.25.0+ds-1 \|\| =0.26.0+ds-2 \|\| =0.41.0+ds-1 \|\| =0.41.0+ds-2 \|\| =0.41.0+ds-3	-
debian 13	cpp-httplib	=0.18.7-1 \|\| =0.18.7-1+deb13u1 \|\| =0.20.1+ds-3 \|\| =0.25.0+ds-1 \|\| =0.26.0+ds-2 \|\| =0.41.0+ds-1 \|\| =0.41.0+ds-2 \|\| =0.41.0+ds-3	-
debian 14	cpp-httplib	=0.18.7-1 \|\| =0.20.1+ds-3 \|\| =0.25.0+ds-1 \|\| >=0 <0.25.0+ds-3	0.25.0+ds-3

Aliases

1. CVE-2025-536282. NVD-2025-536283. OSV-DEBIAN-2025-536284. OSV-2025-536285. SECURITY-TRACKER-CVE-2025-53628

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.