PT-2025-19817 · Unknown+2 · Cpp-Httplib+2

Thevilledev · Published 2025-05-06 · Updated 2025-12-05 · CVE-2025-46728

CVSS v2.0: 7.8 High

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

cpp-httplib versions prior to 0.20.1

Description

cpp-httplib is a C++ header-only HTTP/HTTPS server and client library. Versions prior to 0.20.1 do not enforce configured size limits on incoming request bodies when Transfer-Encoding: chunked is used or when no Content-Length header is provided. This allows a remote attacker to send a chunked request without the terminating zero-length chunk, leading to uncontrolled memory allocation. This can result in exhaustion of system memory and a server crash or unresponsiveness.

Recommendations

Upgrade to cpp-httplib version 0.20.1 or later. As a temporary workaround, deploy a reverse proxy (e.g., Nginx, HAProxy) and configure it to enforce maximum request body size limits.
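
The check whose absence the description refers to, as an added example (not cpp-httplib's code and not its 0.20.1 fix): a chunked-body decoder that compares each declared chunk size with the remaining budget before buffering any data, so a stream that never sends the zero-length chunk is rejected at the cap. The names `decode_chunked` and `ChunkResult` and the 32-byte size-line cap are assumptions of this example.

```cpp
#include <cstddef>
#include <string>

// Added example; all names are hypothetical, not cpp-httplib identifiers.
enum class ChunkResult { Complete, NeedMore, TooLarge, Malformed };

// Decode the chunked bytes received so far into `body`, never buffering more
// than `max_body` bytes. The cap is applied to each declared chunk size
// before that chunk's data is copied, not after the terminating chunk.
ChunkResult decode_chunked(const std::string& wire, std::size_t max_body,
                           std::string& body) {
    body.clear();
    std::size_t pos = 0;
    for (;;) {
        std::size_t eol = wire.find("\r\n", pos);
        if (eol == std::string::npos)  // size line incomplete; bound it as well
            return wire.size() - pos > 32 ? ChunkResult::Malformed
                                          : ChunkResult::NeedMore;
        // Parse the hex chunk size; anything after ';' is a chunk extension.
        std::size_t size = 0, digits = 0;
        for (std::size_t i = pos; i < eol && wire[i] != ';'; ++i, ++digits) {
            char c = wire[i];
            int v = (c >= '0' && c <= '9') ? c - '0'
                  : (c >= 'a' && c <= 'f') ? c - 'a' + 10
                  : (c >= 'A' && c <= 'F') ? c - 'A' + 10 : -1;
            if (v < 0 || digits >= 8) return ChunkResult::Malformed;
            size = size * 16 + static_cast<std::size_t>(v);
        }
        if (digits == 0) return ChunkResult::Malformed;
        // body.size() <= max_body always holds, so this cannot underflow.
        if (size > max_body - body.size()) return ChunkResult::TooLarge;
        pos = eol + 2;
        // Zero-length chunk ends the body (trailers are not parsed here).
        if (size == 0) return ChunkResult::Complete;
        if (wire.size() - pos < size + 2) return ChunkResult::NeedMore;
        if (wire.compare(pos + size, 2, "\r\n") != 0)
            return ChunkResult::Malformed;
        body.append(wire, pos, size);
        pos += size + 2;
    }
}
```

A caller would answer `TooLarge` with 413 and close the connection, and would also put a read timeout on `NeedMore` so an idle unterminated stream cannot hold the connection open.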

Exploit · Fix · DoS · Resource Exhaustion

Weakness Enumeration

Related Identifiers

ALT-PU-2025-10262
BDU:2026-00239
CVE-2025-46728
ECHO-F24E-40E5-BA8E
GHSA-PX83-72RX-V57C
OESA-2025-1610
OESA-2025-1611
OESA-2025-1612
OESA-2025-1613
OPENSUSE-SU-2025:15084-1

Affected Products

Alt Linux
Debian
Cpp-Httplib