CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence: Low
EPSS
Percentile: 15.5%
LibHTP is a security-aware parser for the HTTP protocol and the related
bits and pieces. Version 0.5.46 may parse malformed request traffic,
leading to excessive CPU usage. Version 0.5.47 contains a patch for the
issue. No known workarounds are available.
github.com/OISF/libhtp/commit/79e713f3e527593a45f545e854cd9e6fbb3cd3ed
github.com/OISF/libhtp/commit/bf618ec7f243cebfb0f7e84c3cb158955cb32b4d
github.com/OISF/libhtp/security/advisories/GHSA-ffr2-45w9-7wmg
launchpad.net/bugs/cve/CVE-2024-28871
nvd.nist.gov/vuln/detail/CVE-2024-28871
redmine.openinfosecfoundation.org/issues/6757
security-tracker.debian.org/tracker/CVE-2024-28871
www.cve.org/CVERecord?id=CVE-2024-28871