7 matches found
CVE-2024-23837
CVE-2024-23837 affects LibHTP, a security-aware HTTP parser. Crafted traffic can cause excessive HTTP header processing time, leading to a denial of service. Upstream fix is in LibHTP 0.5.46. Connected advisories note the issue across multiple distributions (Ubuntu USN-7814-1; Debian DLA-4295-1; ...
CVE-2019-17420
CVE-2019-17420 affects LibHTP before 0.5.31, as used in Suricata 4.1.4 and other products. The vulnerability arises from an HTTP protocol parsing error that causes the http_header signature to fail to alert on a response ending with a single CRLF ("\r\n"). Impact is that such responses may bypass...
CVE-2024-45797
CVE-2024-45797 affects LibHTP prior to 0.5.49, where unbounded processing of HTTP request/response headers can cause excessive CPU and memory usage, leading to DoS-like slowdowns. The issue is addressed in LibHTP 0.5.49. Public disclosures in Ubuntu USN-7814-1 and Debian DLA-4295-1, and related O...
CVE-2024-28871
LibHTP vulnerability CVE-2024-28871 affects LibHTP 0.5.46, which may parse malformed HTTP traffic causing high CPU. A patch is in 0.5.47. Public details indicate a DoS impact; no workarounds are listed in the provided documents. Ubuntu/Red Hat advisories corroborate the patch and impact.
CVE-2018-10243
CVE-2018-10243 affects LibHTP 0.5.26: the function htp_parse_authorization_digest in htp_parsers.c can cause a heap-based buffer over-read when processing an authorization digest header. This is a remote, network-exploitable condition reported across multiple sources (OSV, Debian/NASL references)...
CVE-2015-0928
CVE-2015-0928 affects libhtp 0.5.15. The connected sources consistently describe a remote denial-of-service condition caused by a NULL pointer dereference in libhtp. The provided documents do not specify the exact trigger, affected products beyond libhtp, versions other than 0.5.15, or a concrete...
CVE-2025-53537
CVE-2025-53537 affects LibHTP