Lucene search
GitHub_MCVE-2024-28871HistoryApr 04, 2024 - 3:15 p.m.
CVE-2024-28871
2024-04-0415:15:38
CWE-770
GitHub_M
web.nvd.nist.gov
38
cve-2024-28871
libhtp
http protocol
excessive cpu usage
version 0.5.46
version 0.5.47
patch
nvd
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
0
Percentile
15.5%
LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. Version 0.5.46 may parse malformed request traffic, leading to excessive CPU usage. Version 0.5.47 contains a patch for the issue. No known workarounds are available.
Affected configurations
Node
oisflibhtp
CNA Affected
[
{
"vendor": "OISF",
"product": "libhtp",
"versions": [
{
"version": "= 0.5.46",
"status": "affected"
}
]
}
]Related
ubuntucve
ubuntucve
CVE-2024-28871
2024-04-04 00:00:00
nvd
nvd
CVE-2024-28871
2024-04-04 15:15:38
osv
osv
CVE-2024-28871
2024-04-04 15:15:38
cvelist
cvelist
CVE-2024-28871 Excessive CPU used on malformed traffic
2024-04-04 14:46:02
debiancve
debiancve
CVE-2024-28871
2024-04-04 15:15:38
veracode
veracode
Denial Of Service (DoS)
2024-04-19 07:12:48
vulnrichment
vulnrichment
CVE-2024-28871 Excessive CPU used on malformed traffic
2024-04-04 14:46:02
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
0
Percentile
15.5%
Related for CVE-2024-28871