Lucene search

[email protected]NVD:CVE-2024-23837

HistoryFeb 26, 2024 - 4:27 p.m.

CVE-2024-23837

2024-02-2616:27:57

CWE-770

[email protected]

web.nvd.nist.gov

libhtp

security-aware

http protocol

parser

denial of service

fix

0.5.46

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

Percentile

15.5%

JSON

LibHTP is a security-aware parser for the HTTP protocol. Crafted traffic can cause excessive processing time of HTTP headers, leading to denial of service. This issue is addressed in 0.5.46.

References

github.com/OISF/libhtp/commit/20ac301d801cdf01b3f021cca08a22a87f477c4a

github.com/OISF/libhtp/security/advisories/GHSA-f9wf-rrjj-qx8m

lists.fedoraproject.org/archives/list/[email protected]/message/GOCOBFUTIFHOP2PZOH4ENRFXRBHIRKK4/

lists.fedoraproject.org/archives/list/[email protected]/message/ZXJIT7R53ZXROO3I256RFUWTIW4ECK6P/

redmine.openinfosecfoundation.org/issues/6444

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

Percentile

15.5%

JSON

Related for NVD:CVE-2024-23837

ubuntucve1 osv1 openvas3 prion1 debiancve1 vulnrichment1 nessus4 cve1 veracode1 cvelist1 freebsd1 fedora2