Alerts This Week
Warning Icon 1 677
Alerts This Week
Warning Icon 1 677

Fedora 42: cpp-httplib Critical Denial of Service Issues 2026-3b0e5b457d

fedora
Calendar Grey January 22, 2026
Dist Fedora Esm H88
Critical Fedora 42 update for cpp-httplib addresses denial of service and header injection issues. Immediate action advised.
Update to 0.30.1 Denial of service (DOS) using zip bomb (CVE-2026-22776) CRLF injection in http headers (CVE-2026-21428) Untrusted HTTP Header Handling: X-Forwarded-For/X-Real-IP T...

Summary

A C++11 single-file header-only cross platform HTTP/HTTPS library.

It's extremely easy to setup. Just include the httplib.h file in your code!

Update Information:

Update to 0.30.1 Denial of service (DOS) using zip bomb (CVE-2026-22776) CRLF injection in http headers (CVE-2026-21428) Untrusted HTTP Header Handling: X-Forwarded-For/X-Real-IP Trust (CVE-2025-66577) https://github.com/yhirose/cpp-httplib/releases/tag/v0.30.1

Topics%20covered

Topics Covered

security advisory denial of service fedora critical http library http headers

Change Log

* Tue Jan 13 2026 Petr Men\u0161k - 0.30.1-5 - Switch to GCC 15 test fix with active PR * Tue Jan 13 2026 Petr Men\u0161k - 0.30.1-4 - Drop 32 bit support like upstream did * Mon Jan 12 2026 Petr Men\u0161k - 0.30.1-3 - fixup! Fix tests in last release * Mon Jan 12 2026 Petr Men\u0161k - 0.30.1-2 - Fix tests in last release * Mon Jan 12 2026 Petr Men\u0161k - 0.30.1-1 - Update to 0.30.1 (rhbz#2406686) * Sat Aug 30 2025 Orion Poplawski - 0.26.0-1 - Update to 0.26.0 (CVE-2025-53629) * Wed Jul 23 2025 Fedora Release Engineering - 0.20.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild * Fri May 9 2025 Orion Poplawski - 0.20.1-1 - Update to 0.20.1

References


[ 1 ] Bug #2364284 - CVE-2025-46728 cpp-httplib: cpp-httplib has Unbounded Memory Allocation in Chunked/No-Length Requests [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2364284 [ 2 ] Bug #2379431 - CVE-2025-53629 cpp-httplib: cpp-httplib Unbounded Memory Allocation in Chunked/No-Length Requests Vulnerability [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2379431 [ 3 ] Bug #2419548 - CVE-2025-66570 cpp-httplib: cpp-httplib Untrusted HTTP Header Handling [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2419548 [ 4 ] Bug #2419631 - CVE-2025-66577 cpp-httplib: cpp-httplib Untrusted HTTP Header Handling: X-Forwarded-For/X-Real-IP Trust [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2419631 [ 5 ] Bug #2426699 - CVE-2026-21428 cpp-httplib: cpp-httplib: Server-Side Request Forgery via header injection [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2426699 [ 6 ] Bug #2428893 - CVE-2026-22776 cpp-h...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-3b0e5b457d' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: cpp-httplib
Product: Fedora 42
Version: 0.30.1
Release: 5.fc42
URL: https://github.com/yhirose/cpp-httplib
Summary: A C++11 single-file header-only cross platform HTTP/HTTPS library

Topics%20covered

Topics Covered

security advisory denial of service fedora critical http library http headers

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here