CVE-2025-53628

Publication date 10 July 2025

Last updated 16 July 2025

Ubuntu priority

Description

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.20.1, cpp-httplib does not have a limit for a unique line, permitting an attacker to explore this to allocate memory arbitrarily. This vulnerability is fixed in 0.20.1. NOTE: This vulnerability is related to CVE-2025-53629.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
cpp-httplib	25.10 questing	Needs evaluation
	25.04 plucky	Needs evaluation
	24.04 LTS noble	Needs evaluation
	22.04 LTS jammy	Needs evaluation

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2025-53628
https://github.com/yhirose/cpp-httplib/commit/7b752106ac42bd5b907793950d9125a0972c8e8e
https://github.com/yhirose/cpp-httplib/security/advisories/GHSA-j6p8-779x-p5pw
https://github.com/yhirose/cpp-httplib/security/advisories/GHSA-qjmq-h3cc-qv6w