CVE-2024-45797

LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. Prior to version 0.5.49, unbounded processing of HTTP request and response headers can lead to excessive CPU time and memory utilization, possibly leading to extreme slowdowns. This issue is addressed in 0.5.49.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
GitHub_MCNA
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 46%
VendorProductVersion
oisflibhtp
𝑥
< 0.5.49
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libhtp
bullseye
vulnerable
bookworm
no-dsa
bullseye (security)
1:0.5.36-1+deb11u1
fixed
trixie
1:0.5.50-1
fixed
forky
1:0.5.52-1
fixed
sid
1:0.5.52-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libhtp
plucky
not-affected
oracular
ignored
noble
needed
jammy
needed
focal
needed
bionic
needed
xenial
needed
Common Weakness Enumeration
References
https://github.com/OISF/libhtp/security/advisories/GHSA-rqqp-24ch-248f
https://redmine.openinfosecfoundation.org/issues/7191