CVE-2024-45797

EUVD-2024-41605
LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. Prior to version 0.5.49, unbounded processing of HTTP request and response headers can lead to excessive CPU time and memory utilization, possibly leading to extreme slowdowns. This issue is addressed in 0.5.49.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
GitHub_MCNA
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 61%
Affected Products (NVD)
VendorProductVersion
oisflibhtp
𝑥
< 0.5.49
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libhtp
bookworm
no-dsa
bullseye
vulnerable
bullseye (security)
1:0.5.36-1+deb11u1
fixed
forky
1:0.5.52-1
fixed
sid
1:0.5.52-1
fixed
trixie
1:0.5.50-1+deb13u1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libhtp
bionic
Fixed 1:0.5.26-1ubuntu0.1~esm1
released
focal
Fixed 1:0.5.32-1ubuntu0.1~esm1
released
jammy
Fixed 1:0.5.39-1ubuntu0.1~esm1
released
noble
Fixed 1:0.5.46-1ubuntu2+esm1
released
oracular
ignored
plucky
not-affected
questing
not-affected
xenial
Fixed 0.5.15-1ubuntu0.1~esm1
released
Common Weakness Enumeration
References
https://github.com/OISF/libhtp/security/advisories/GHSA-rqqp-24ch-248f
https://redmine.openinfosecfoundation.org/issues/7191
https://lists.debian.org/debian-lts-announce/2025/09/msg00009.html