A denial-of-service vulnerability exists in cpp-httplib prior to version 0.44.0. When a server has configured a non-empty trusted proxy list via Server::set_trusted_proxies(), an attacker can send an HTTP request containing an X-Forwarded-For header with a value that parses to no valid IP segments. This triggers get_client_ip() to call front() on an empty std::vector, resulting in undefined behavior that [truncated]
A critical vulnerability exists in cpp-httplib prior to version 0.44.0, where percent-encoded CRLF sequences (%0D%0A) in HTTP header values bypass validity checks and are decoded to literal carriage return and line feed bytes. The is_field_value check runs before percent-decoding, allowing attackers to inject header value terminators into stored header values. This affects all header values except Locatio [truncated]
A vulnerability in cpp-httplib prior to version 0.43.4 allows remote attackers to cause denial of service through unbounded memory allocation and process crash. The issue stems from improper validation of negative chunk-size values in HTTP chunked Transfer-Encoding. The ChunkedDecoder::read_payload function uses std::strtoul() to parse chunk sizes, which silently accepts leading minus signs and performs u [truncated]
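The std::strtoul() behaviour named in the chunk-size entry above, shown next to a strict alternative. This is an added example, not cpp-httplib's code or its fix: legacy_parse, parse_chunk_size and the 16 MiB kMaxChunkSize cap are hypothetical names and an assumed policy.

```cpp
#include <climits>
#include <cstdint>
#include <cstdio>
#include <cstdlib>
#include <string>

// Added illustration; names and the cap are assumptions, not cpp-httplib's API.
constexpr std::uint64_t kMaxChunkSize = 16u * 1024u * 1024u; // assumed policy cap

// The pitfall: strtoul() accepts a leading '-' and negates the result in
// unsigned arithmetic, so "-1" becomes ULONG_MAX instead of a parse error.
unsigned long legacy_parse(const char *s) {
  return std::strtoul(s, nullptr, 16);
}

// Strict parser for the hex size field only (the caller strips any chunk
// extension and the CRLF first). Accepts hex digits, nothing else: no sign,
// no whitespace, no "0x" prefix. Rejects values above kMaxChunkSize.
bool parse_chunk_size(const std::string &s, std::uint64_t &out) {
  if (s.empty()) return false;
  std::uint64_t value = 0;
  for (char c : s) {
    unsigned digit;
    if (c >= '0' && c <= '9') digit = c - '0';
    else if (c >= 'a' && c <= 'f') digit = c - 'a' + 10;
    else if (c >= 'A' && c <= 'F') digit = c - 'A' + 10;
    else return false;                               // '-', '+', ' ', 'x', ...
    if (value > (kMaxChunkSize >> 4)) return false;  // next shift exceeds cap
    value = (value << 4) | digit;
  }
  if (value > kMaxChunkSize) return false;
  out = value;
  return true;
}

int main() {
  // Constructed inputs: one valid size, one signed value, one oversized value.
  const char *samples[] = {"1a", "-1", "FFFFFFFFFFFFFFFF"};
  for (const char *s : samples) {
    std::uint64_t n = 0;
    bool ok = parse_chunk_size(s, n);
    std::printf("%-18s strtoul=%lu strict=%s\n", s, legacy_parse(s),
                ok ? "accepted" : "rejected");
  }
  return 0;
}
```

Rejecting the field outright, rather than clamping it, keeps a malformed size from ever reaching an allocation or read loop.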