{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"important"},"category":"csaf_vex","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"SUSE CVE-2025-52887","title":"Title"},{"category":"description","text":"cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. In version 0.21.0, when many http headers fields are passed in, the library does not limit the number of headers, and the memory associated with the headers will not be released when the connection is disconnected. This leads to potential exhaustion of system memory and results in a server crash or unresponsiveness. Version 0.22.0 contains a patch for the issue.","title":"Description of the CVE"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"CVE-2025-52887","url":"https://www.suse.com/security/cve/CVE-2025-52887"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1245414 for CVE-2025-52887","url":"https://bugzilla.suse.com/1245414"}],"title":"SUSE CVE CVE-2025-52887","tracking":{"current_release_date":"2026-01-13T00:31:43Z","generator":{"date":"2025-06-26T23:21:43Z","engine":{"name":"cve-database.git:bin/generate-csaf-vex.pl","version":"1"}},"id":"CVE-2025-52887","initial_release_date":"2025-06-26T23:21:43Z","revision_history":[{"date":"2025-06-26T23:21:43Z","number":"2","summary":"Current version"},{"date":"2025-07-02T23:21:32Z","number":"3","summary":"Current version"},{"date":"2025-07-07T23:21:50Z","number":"4","summary":"Current version"},{"date":"2025-09-18T23:22:26Z","number":"5","summary":"Current version"},{"date":"2025-11-29T00:24:07Z","number":"6","summary":"Current version"},{"date":"2026-01-13T00:31:43Z","number":"7","summary":"unknown changes"}],"status":"interim","version":"7"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_name","name":"SUSE Linux Enterprise Server 16.0","product":{"name":"SUSE Linux Enterprise Server 16.0","product_id":"SUSE Linux Enterprise Server 16.0","product_identification_helper":{"cpe":"cpe:/o:suse:sles:16:16.0:server"}}},{"category":"product_name","name":"SUSE Package Hub 15 SP6","product":{"name":"SUSE Package Hub 15 SP6","product_id":"SUSE Package Hub 15 SP6"}},{"category":"product_name","name":"openSUSE Leap 15.6","product":{"name":"openSUSE Leap 15.6","product_id":"openSUSE Leap 15.6","product_identification_helper":{"cpe":"cpe:/o:opensuse:leap:15.6"}}},{"category":"product_version","name":"cpp-httplib","product":{"name":"cpp-httplib","product_id":"cpp-httplib","product_identification_helper":{"purl":"pkg:rpm/suse/cpp-httplib@"}}},{"category":"product_version","name":"cpp-httplib-devel-0.20.1-bp156.2.9.1","product":{"name":"cpp-httplib-devel-0.20.1-bp156.2.9.1","product_id":"cpp-httplib-devel-0.20.1-bp156.2.9.1","product_identification_helper":{"purl":"pkg:rpm/suse/cpp-httplib-devel@0.20.1-bp156.2.9.1"}}},{"category":"product_version","name":"libcpp-httplib0_20-0.20.1-bp156.2.9.1","product":{"name":"libcpp-httplib0_20-0.20.1-bp156.2.9.1","product_id":"libcpp-httplib0_20-0.20.1-bp156.2.9.1","product_identification_helper":{"purl":"pkg:rpm/suse/libcpp-httplib0_20@0.20.1-bp156.2.9.1"}}},{"category":"product_version","name":"libcpp-httplib0_22","product":{"name":"libcpp-httplib0_22","product_id":"libcpp-httplib0_22","product_identification_helper":{"purl":"pkg:rpm/suse/libcpp-httplib0_22@?upstream=cpp-httplib.src.rpm"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"cpp-httplib-devel-0.20.1-bp156.2.9.1 as component of SUSE Package Hub 15 SP6","product_id":"SUSE Package Hub 15 SP6:cpp-httplib-devel-0.20.1-bp156.2.9.1"},"product_reference":"cpp-httplib-devel-0.20.1-bp156.2.9.1","relates_to_product_reference":"SUSE Package Hub 15 SP6"},{"category":"default_component_of","full_product_name":{"name":"libcpp-httplib0_20-0.20.1-bp156.2.9.1 as component of SUSE Package Hub 15 SP6","product_id":"SUSE Package Hub 15 SP6:libcpp-httplib0_20-0.20.1-bp156.2.9.1"},"product_reference":"libcpp-httplib0_20-0.20.1-bp156.2.9.1","relates_to_product_reference":"SUSE Package Hub 15 SP6"},{"category":"default_component_of","full_product_name":{"name":"cpp-httplib-devel-0.20.1-bp156.2.9.1 as component of openSUSE Leap 15.6","product_id":"openSUSE Leap 15.6:cpp-httplib-devel-0.20.1-bp156.2.9.1"},"product_reference":"cpp-httplib-devel-0.20.1-bp156.2.9.1","relates_to_product_reference":"openSUSE Leap 15.6"},{"category":"default_component_of","full_product_name":{"name":"libcpp-httplib0_20-0.20.1-bp156.2.9.1 as component of openSUSE Leap 15.6","product_id":"openSUSE Leap 15.6:libcpp-httplib0_20-0.20.1-bp156.2.9.1"},"product_reference":"libcpp-httplib0_20-0.20.1-bp156.2.9.1","relates_to_product_reference":"openSUSE Leap 15.6"},{"category":"default_component_of","full_product_name":{"name":"libcpp-httplib0_22 as component of SUSE Linux Enterprise Server 16.0","product_id":"SUSE Linux Enterprise Server 16.0:libcpp-httplib0_22"},"product_reference":"libcpp-httplib0_22","relates_to_product_reference":"SUSE Linux Enterprise Server 16.0"},{"category":"default_component_of","full_product_name":{"name":"cpp-httplib as component of SUSE Linux Enterprise Server 16.0","product_id":"SUSE Linux Enterprise Server 16.0:cpp-httplib"},"product_reference":"cpp-httplib","relates_to_product_reference":"SUSE Linux Enterprise Server 16.0"}]},"vulnerabilities":[{"cve":"CVE-2025-52887","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2025-52887"}],"notes":[{"category":"general","text":"cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. In version 0.21.0, when many http headers fields are passed in, the library does not limit the number of headers, and the memory associated with the headers will not be released when the connection is disconnected. This leads to potential exhaustion of system memory and results in a server crash or unresponsiveness. Version 0.22.0 contains a patch for the issue.","title":"CVE description"}],"product_status":{"known_not_affected":["SUSE Linux Enterprise Server 16.0:cpp-httplib","SUSE Linux Enterprise Server 16.0:libcpp-httplib0_22"],"recommended":["SUSE Package Hub 15 SP6:cpp-httplib-devel-0.20.1-bp156.2.9.1","SUSE Package Hub 15 SP6:libcpp-httplib0_20-0.20.1-bp156.2.9.1","openSUSE Leap 15.6:cpp-httplib-devel-0.20.1-bp156.2.9.1","openSUSE Leap 15.6:libcpp-httplib0_20-0.20.1-bp156.2.9.1"]},"references":[{"category":"external","summary":"CVE-2025-52887","url":"https://www.suse.com/security/cve/CVE-2025-52887"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1245414 for CVE-2025-52887","url":"https://bugzilla.suse.com/1245414"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Package Hub 15 SP6:cpp-httplib-devel-0.20.1-bp156.2.9.1","SUSE Package Hub 15 SP6:libcpp-httplib0_20-0.20.1-bp156.2.9.1","openSUSE Leap 15.6:cpp-httplib-devel-0.20.1-bp156.2.9.1","openSUSE Leap 15.6:libcpp-httplib0_20-0.20.1-bp156.2.9.1"]}],"scores":[{"cvss_v3":{"baseScore":7.5,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.1"},"products":["SUSE Package Hub 15 SP6:cpp-httplib-devel-0.20.1-bp156.2.9.1","SUSE Package Hub 15 SP6:libcpp-httplib0_20-0.20.1-bp156.2.9.1","openSUSE Leap 15.6:cpp-httplib-devel-0.20.1-bp156.2.9.1","openSUSE Leap 15.6:libcpp-httplib0_20-0.20.1-bp156.2.9.1"]}],"threats":[{"category":"impact","date":"2025-06-26T16:04:02Z","details":"important"}],"title":"CVE-2025-52887"}]}