CVE-2024-23837

LibHTP is a security-aware parser for the HTTP protocol. Crafted traffic can cause excessive processing time of HTTP headers, leading to denial of service. This issue is addressed in 0.5.46.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
GitHub_MCNA
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 42%
VendorProductVersion
oisflibhtp
𝑥
< 0.5.46
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libhtp
bullseye
vulnerable
bookworm
no-dsa
buster
no-dsa
bullseye (security)
1:0.5.36-1+deb11u1
fixed
trixie
1:0.5.50-1
fixed
forky
1:0.5.52-1
fixed
sid
1:0.5.52-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libhtp
plucky
not-affected
oracular
ignored
noble
not-affected
mantic
ignored
jammy
needed
focal
needed
bionic
needed
xenial
needed
trusty
ignored
Common Weakness Enumeration
References
https://github.com/OISF/libhtp/commit/20ac301d801cdf01b3f021cca08a22a87f477c4a
https://github.com/OISF/libhtp/security/advisories/GHSA-f9wf-rrjj-qx8m
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GOCOBFUTIFHOP2PZOH4ENRFXRBHIRKK4/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXJIT7R53ZXROO3I256RFUWTIW4ECK6P/
https://redmine.openinfosecfoundation.org/issues/6444
https://github.com/OISF/libhtp/commit/20ac301d801cdf01b3f021cca08a22a87f477c4a
https://github.com/OISF/libhtp/security/advisories/GHSA-f9wf-rrjj-qx8m
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GOCOBFUTIFHOP2PZOH4ENRFXRBHIRKK4/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXJIT7R53ZXROO3I256RFUWTIW4ECK6P/
https://redmine.openinfosecfoundation.org/issues/6444