GitHub_MCVELIST:CVE-2024-23837CVE-2024-23837 LibHTP unbounded folded header handling leads to denial service
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
15.5%
LibHTP is a security-aware parser for the HTTP protocol. Crafted traffic can cause excessive processing time of HTTP headers, leading to denial of service. This issue is addressed in 0.5.46.
CNA Affected
[
{
"vendor": "OISF",
"product": "libhtp",
"versions": [
{
"version": "< 0.5.46",
"status": "affected"
}
]
}
]References
github.com/OISF/libhtp/commit/20ac301d801cdf01b3f021cca08a22a87f477c4a
github.com/OISF/libhtp/security/advisories/GHSA-f9wf-rrjj-qx8m
lists.fedoraproject.org/archives/list/[email protected]/message/GOCOBFUTIFHOP2PZOH4ENRFXRBHIRKK4/
lists.fedoraproject.org/archives/list/[email protected]/message/ZXJIT7R53ZXROO3I256RFUWTIW4ECK6P/
redmine.openinfosecfoundation.org/issues/6444
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
15.5%