libhtp 0.5.15 allows remote attackers to cause a denial of service (NULL pointer dereference).
CVSS: 7.5 | AI Score: 7.2 | EPSS: 0.001

htp_parse_authorization_digest in htp_parsers.c in LibHTP 0.5.26 allows remote attackers to cause a heap-based buffer over-read via an authorization digest header.
CVSS: 9.8 | AI Score: 9.2 | EPSS: 0.005

In OISF LibHTP before 0.5.31, as used in Suricata 4.1.4 and other products, an HTTP protocol parsing error causes the http_header signature to not alert on a response with a single \r\n ending.
CVSS: 5.3 | AI Score: 5.2 | EPSS: 0.001

LibHTP is a security-aware parser for the HTTP protocol. Crafted traffic can cause excessive processing time of HTTP headers, leading to denial of service. This issue is addressed in 0.5.46.
CVSS: 7.5 | AI Score: 7.1 | EPSS: 0.0004

LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. Version 0.5.46 may parse malformed request traffic, leading to excessive CPU usage. Version 0.5.47 contains a patch for the issue. No known workarounds are available.
CVSS: 7.5 | AI Score: 7.5 | EPSS: 0.0004