HIGH🇬🇧 English

CVE-2026-46527

CVSS 8.7v4.0pub. 2026-05-29upd. 2026-06-01

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0, When the server has called Server::set_trusted_proxies() with a non-empty trusted-proxy list, an attacker can send an HTTP request that includes an X-Forwarded-For header whose value parses to no valid IP segments. The code path then executes get_client_ip(), which calls front() on an empty std::vector—undefined behavior in C++. On typical implementations this manifests as abnormal process termination (denial of service). With Sanitizers enabled, you get an explicit runtime diagnostic. This vulnerability is fixed in 0.44.0.

oryginał EN
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Yhirose Cpp Httplib

    APP
    Yhirose
    < 0.44.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
DoS
CWE
Referencje

Powiązane podatności

CVE-2026-45372CRITICAL9.9PL ✓ten sam produkt

cpp-httplib: HTTP response splitting poprzez header injection (CRLF injection)

CVE-2025-66570CRITICAL10.0PL ✓ten sam produkt

cpp-httplib: spoofing nagłówków HTTP umożliwia bypass autoryzacji i zatrucie logów

CVE-2026-33745HIGH7.4ten sam produkt

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.39.0, the cpp-htt...

CVE-2026-32627HIGH8.7ten sam produkt

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.37.2, when a cpp-...

CVE-2026-31870HIGH7.5ten sam produkt

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.37.1, when a cpp-...

CVE-2026-46527 — HIGH 8.7 | CVEbaza.pl