VYPR
Unrated severityOSV Advisory· Published Feb 4, 2025· Updated May 23, 2025

CRLF injection in Cpp-httplib

CVE-2025-0825

Description

cpp-httplib version v0.17.3 through v0.18.3 fails to filter CRLF characters ("\r\n") when those are prefixed with a null byte. This enables attackers to exploit CRLF injection that could further lead to HTTP Response Splitting, XSS, and more.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Yhirose/Cpp HttplibOSV2 versions
    v0.17.3, v0.18.0, v0.18.1, …+ 1 more
    • (no CPE)range: v0.17.3, v0.18.0, v0.18.1, …
    • (no CPE)range: >=0.17.3, <=0.18.3

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.