HIGH🇬🇧 English

CVE-2026-28435

CVSS 7.5v3.1pub. 2026-03-04upd. 2026-03-05

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.35.0, cpp-httplib (httplib.h) does not enforce Server::set_payload_max_length() on the decompressed request body when using HandlerWithContentReader (streaming ContentReader) with Content-Encoding: gzip (or other supported encodings). A small compressed payload can expand beyond the configured payload limit and be processed by the application, enabling a payload size limit bypass and potential denial of service (CPU/memory exhaustion). This vulnerability is fixed in 0.35.0.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Yhirose Cpp Httplib

    APP
    Yhirose
    < 0.35.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
DoS
CWE
Referencje

Powiązane podatności

CVE-2026-45372CRITICAL9.9PL ✓ten sam produkt

cpp-httplib: HTTP response splitting poprzez header injection (CRLF injection)

CVE-2025-66570CRITICAL10.0PL ✓ten sam produkt

cpp-httplib: spoofing nagłówków HTTP umożliwia bypass autoryzacji i zatrucie logów

CVE-2026-46527HIGH8.7ten sam produkt

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0, When the se...

CVE-2026-33745HIGH7.4ten sam produkt

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.39.0, the cpp-htt...

CVE-2026-32627HIGH8.7ten sam produkt

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.37.2, when a cpp-...