FKIE_CVE-2026-29076

Vulnerability from fkie_nvd - Published: 2026-03-07 16:15 - Updated: 2026-03-09 21:19
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.37.0, cpp-httplib uses std::regex (libstdc++) to parse RFC 5987 encoded filename* values in multipart Content-Disposition headers. The regex engine in libstdc++ implements backtracking via deep recursion, consuming one stack frame per input character. An attacker can send a single HTTP POST request with a crafted filename* parameter that causes uncontrolled stack growth, resulting in a stack overflow (SIGSEGV) that crashes the server process. This issue has been patched in version 0.37.0.
References
security-advisories@github.comhttps://github.com/yhirose/cpp-httplib/commit/de296af3eb5b0d5c116470e033db900e4812c5e6Patch
security-advisories@github.comhttps://github.com/yhirose/cpp-httplib/releases/tag/v0.37.0Product, Release Notes
security-advisories@github.comhttps://github.com/yhirose/cpp-httplib/security/advisories/GHSA-qq6v-r583-3h69Exploit, Vendor Advisory
Impacted products
Vendor Product Version
yhirose cpp-httplib *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:yhirose:cpp-httplib:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF662624-3D9C-43DE-BAA8-29A734A27040",
              "versionEndExcluding": "0.37.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.37.0, cpp-httplib uses std::regex (libstdc++) to parse RFC 5987 encoded filename* values in multipart Content-Disposition headers. The regex engine in libstdc++ implements backtracking via deep recursion, consuming one stack frame per input character. An attacker can send a single HTTP POST request with a crafted filename* parameter that causes uncontrolled stack growth, resulting in a stack overflow (SIGSEGV) that crashes the server process. This issue has been patched in version 0.37.0."
    },
    {
      "lang": "es",
      "value": "cpp-httplib es una biblioteca HTTP/HTTPS C++11 de un solo archivo, solo de encabezado y multiplataforma. Antes de la versi\u00f3n 0.37.0, cpp-httplib utiliza std::regex (libstdc++) para analizar valores filename* codificados seg\u00fan RFC 5987 en encabezados Content-Disposition multipart. El motor de expresiones regulares en libstdc++ implementa retroceso mediante recursi\u00f3n profunda, consumiendo un marco de pila por cada car\u00e1cter de entrada. Un atacante puede enviar una \u00fanica solicitud HTTP POST con un par\u00e1metro filename* manipulado que causa un crecimiento descontrolado de la pila, resultando en un desbordamiento de pila (SIGSEGV) que bloquea el proceso del servidor. Este problema ha sido parcheado en la versi\u00f3n 0.37.0."
    }
  ],
  "id": "CVE-2026-29076",
  "lastModified": "2026-03-09T21:19:35.750",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-03-07T16:15:54.193",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/yhirose/cpp-httplib/commit/de296af3eb5b0d5c116470e033db900e4812c5e6"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Product",
        "Release Notes"
      ],
      "url": "https://github.com/yhirose/cpp-httplib/releases/tag/v0.37.0"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://github.com/yhirose/cpp-httplib/security/advisories/GHSA-qq6v-r583-3h69"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-674"
        },
        {
          "lang": "en",
          "value": "CWE-1333"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.