CVE-2024-45797

LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. Prior to version 0.5.49, unbounded processing of HTTP request and response headers can lead to excessive CPU time and memory utilization, possibly leading to extreme slowdowns. This issue is addressed in 0.5.49.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
GitHub_MCNA
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA-ADPADP
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 63%
VendorProductVersion
oisflibhtp
𝑥
< 0.5.49
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libhtp
bullseye
vulnerable
bookworm
no-dsa
bullseye (security)
1:0.5.36-1+deb11u1
fixed
trixie
1:0.5.50-1+deb13u1
fixed
forky
1:0.5.52-1
fixed
sid
1:0.5.52-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libhtp
questing
not-affected
plucky
not-affected
oracular
ignored
noble
Fixed 1:0.5.46-1ubuntu2+esm1
released
jammy
Fixed 1:0.5.39-1ubuntu0.1~esm1
released
focal
Fixed 1:0.5.32-1ubuntu0.1~esm1
released
bionic
Fixed 1:0.5.26-1ubuntu0.1~esm1
released
xenial
Fixed 0.5.15-1ubuntu0.1~esm1
released
Common Weakness Enumeration
References
https://github.com/OISF/libhtp/security/advisories/GHSA-rqqp-24ch-248f
https://redmine.openinfosecfoundation.org/issues/7191
https://lists.debian.org/debian-lts-announce/2025/09/msg00009.html