Security update for cpp-httplib SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2026:20600-1 Final 1 1 2026-03-02T10:16:12Z current 2026-03-02T10:16:12Z 2026-03-02T10:16:12Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for cpp-httplib This update for cpp-httplib fixes the following issues: - CVE-2025-53629: header can allocate memory arbitrarily in the server, potentially leading to its exhaustion (bsc#1246471). - CVE-2025-53628: HTTP header smuggling due to insecure trailers merge (bsc#1246468). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLES-16.0-333 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2026/suse-su-202620600-1/ Link for SUSE-SU-2026:20600-1 https://lists.suse.com/pipermail/sle-security-updates/2026-March/024613.html E-Mail link for SUSE-SU-2026:20600-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1246468 SUSE Bug 1246468 https://bugzilla.suse.com/1246471 SUSE Bug 1246471 https://www.suse.com/security/cve/CVE-2025-53628/ SUSE CVE CVE-2025-53628 page https://www.suse.com/security/cve/CVE-2025-53629/ SUSE CVE CVE-2025-53629 page SUSE Linux Enterprise Server 16.0 SUSE Linux Enterprise Server for SAP applications 16.0 libcpp-httplib0_22-0.22.0-160000.4.1 libcpp-httplib0_22-0.22.0-160000.4.1 as a component of SUSE Linux Enterprise Server 16.0 libcpp-httplib0_22-0.22.0-160000.4.1 as a component of SUSE Linux Enterprise Server for SAP applications 16.0 cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.20.1, cpp-httplib does not have a limit for a unique line, permitting an attacker to explore this to allocate memory arbitrarily. This vulnerability is fixed in 0.20.1. NOTE: This vulnerability is related to CVE-2025-53629. CVE-2025-53628 SUSE Linux Enterprise Server 16.0:libcpp-httplib0_22-0.22.0-160000.4.1 SUSE Linux Enterprise Server for SAP applications 16.0:libcpp-httplib0_22-0.22.0-160000.4.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-202620600-1/ https://www.suse.com/security/cve/CVE-2025-53628.html CVE-2025-53628 https://bugzilla.suse.com/1246468 SUSE Bug 1246468 cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.23.0, incoming requests using Transfer-Encoding: chunked in the header can allocate memory arbitrarily in the server, potentially leading to its exhaustion. This vulnerability is fixed in 0.23.0. NOTE: This vulnerability is related to CVE-2025-53628. CVE-2025-53629 SUSE Linux Enterprise Server 16.0:libcpp-httplib0_22-0.22.0-160000.4.1 SUSE Linux Enterprise Server for SAP applications 16.0:libcpp-httplib0_22-0.22.0-160000.4.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-202620600-1/ https://www.suse.com/security/cve/CVE-2025-53629.html CVE-2025-53629 https://bugzilla.suse.com/1246471 SUSE Bug 1246471