PT-2026-24759 · Unknown · Cpp-Httplib

0X3Xploit · Published 2026-03-11 · Updated 2026-03-21 · CVE-2026-31870

CVSS v3.1: 7.5 High
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions

cpp-httplib versions prior to 0.37.1

Description

cpp-httplib is a C++11 single-file, header-only, cross-platform HTTP/HTTPS library. When using the streaming API (httplib::stream::Get, httplib::stream::Post, etc.), the library directly calls std::stoull() on the Content-Length header value received from a server without input validation or exception handling. std::stoull() throws std::invalid_argument for non-numeric strings and std::out_of_range for values exceeding ULLONG_MAX. Because these exceptions are not handled, the C++ runtime calls std::terminate(), terminating the process with SIGABRT. Any server the client connects to, including those reached via HTTP redirects or through man-in-the-middle positions, can crash the client application with a single HTTP response. No authentication or user interaction is required, and the crash is deterministic and immediate.

Recommendations

Versions prior to 0.37.1 should be updated to version 0.37.1 or later.

Weakness Enumeration

Related Identifiers

CVE-2026-31870
GHSA-39Q5-HH6X-JPXX
OESA-2026-1637
OESA-2026-1638
OESA-2026-1639
OESA-2026-1640

Affected Products

Cpp-Httplib