• Bug#1109340: cpp-httplib: CVE-2025-52887 CVE-2025-53628 CVE-2025-53629

    From Bastian Germann@21:1/5 to All on Wed Jul 16 11:50:01 2025
    Control: found -1 0.18.7-1

    This is not specific to 0.21. Adding the test to 0.18.7, it fails:

    [ RUN ] ServerTest.HeaderCountExceedsLimit
    ../test/test.cc:3709: Failure
    Expected equality of these values:
    StatusCode::BadRequest_400
    Which is: 400
    res->status
    Which is: 200

    [ FAILED ] ServerTest.HeaderCountExceedsLimit (148 ms)
    [ ... ]
    [ RUN ] ServerTest.HeaderCountSecurityTest
    ../test/test.cc:3772: Failure
    Expected equality of these values:
    StatusCode::BadRequest_400
    Which is: 400
    res->status
    Which is: 404

    [ FAILED ] ServerTest.HeaderCountSecurityTest (147 ms)

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Andrea Pappacoda@21:1/5 to All on Wed Jul 16 22:20:01 2025
    Hi Moritz,

    On Tue Jul 15, 2025 at 2:37 PM CEST, Moritz Mühlenhoff wrote:
    > Package: cpp-httplib
    > X-Debbugs-CC: [email protected]
    > Severity: grave
    > Tags: security
    >
    > Hi,
    >
    > The following vulnerabilities were published for cpp-httplib.
    >
    > CVE-2025-52887[0]:
    > [...]
    > CVE-2025-53628[1]:
    > [...]
    > CVE-2025-53629[2]:

    Thank you for the report.

    I'm in Debconf right now, and tomorrow I'll focus on fixing this. If
    you happen to be here, I'd be happy to meet you!

    Since upstream makes breaking changes quite often, I'm not sure I'll be
    able to easily backport the fixes. I'll focus on fixing CVE-2025-53629
    first, since the other two seem "just" memory leaks.

    Bye!
