By weakness (CWE)
CWE-1285: related vulnerabilities
CVEs classified under CWE-1285. Understanding the weakness class helps prioritize systemic fixes over one-off patches.
1 published vulnerability
- CVE-2026-45352MEDIUM 5.3
cpp-httplib, a popular C++ HTTP library, contains a flaw in how it processes chunked HTTP transfers. When a malicious client sends a specially crafted HTTP request with a negative chunk size (like '-2'), the library's parsing logic mishandles it. Instead of rejecting the invalid value, it converts it to an extremely large number due to how C's strtoul function treats negative numbers. This causes the server to attempt allocating massive amounts of memory and reading far more data than expected, ultimately crashing the process. Applications using cpp-httplib versions before 0.43.4 are vulnerable.