CVE-2025-53628

Publication date 10 July 2025

Last updated 10 July 2026


Ubuntu priority

Cvss 3 Severity Score

8.8 · High

Score breakdown

Description

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.20.1, cpp-httplib does not have a limit for a unique line, permitting an attacker to explore this to allocate memory arbitrarily. This vulnerability is fixed in 0.20.1. NOTE: This vulnerability is related to CVE-2025-53629.

Status

Package Ubuntu Release Status
cpp-httplib 26.04 LTS resolute
Vulnerable
25.10 questing Ignored end of life, was needed
25.04 plucky Ignored end of life, was needs-triage
24.04 LTS noble
Vulnerable
22.04 LTS jammy
Vulnerable

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
cpp-httplib

Severity score breakdown

CVSS version:

Base score 6.3 · Medium

Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Base score 8.8 · High

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H


Access our resources on patching vulnerabilities