cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.37.0, cpp-httplib uses std::regex (libstdc++) to parse RFC 5987 encoded filename* values in multipart Content-Disposition headers. The regex engine in libstdc++ implements backtracking via deep recursion, consuming one stack frame per input character.
An attacker can send a single HTTP POST request with a crafted filename* parameter that causes uncontrolled stack growth, resulting in a stack overflow (SIGSEGV) that crashes the server process. This issue has been patched in version 0.37.0.
Attack Parameters
Attack Vector
Network
Can be exploited remotely
Attack Complexity
High
Difficult to exploit
Privileges Required
None
No privileges needed
User Interaction
None
No user interaction needed
Impact Assessment
Confidentiality
None
No data leak
Integrity
None
No data modification
Availability
High
Complete denial of service
CVSS Vector v3.1
Weakness Type (CWE)
References 3
https://github.com/yhirose/cpp-httplib/commit/de296af3eb5b0d5c116470e033db900e4…
security-advisories@github.com
https://github.com/yhirose/cpp-httplib/releases/tag/v0.37.0
security-advisories@github.com
https://github.com/yhirose/cpp-httplib/security/advisories/GHSA-qq6v-r583-3h69
security-advisories@github.com