CVE-2020-11709

NameCVE-2020-11709
Descriptioncpp-httplib through 0.5.8 does not filter \r\n in parameters passed into the set_redirect and set_header functions, which creates possibilities for CRLF injection and HTTP response splitting in some specific contexts.
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
cpp-httplib (PTS)bookworm0.11.4+ds-1+deb12u1fixed
forky, sid, trixie0.18.7-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
cpp-httplibsource(unstable)(not affected)

Notes

- cpp-httplib <not-affected> (Fixed before initial upload to Debian)
https://github.com/yhirose/cpp-httplib/issues/425
https://github.com/yhirose/cpp-httplib/commit/85327e19ae7e72028c30917247238d638ce56d0b (v0.5.9)
Search for package or bug name: Reporting problems