CVE-2024-23837

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-23837
LibHTP is a security-aware parser for the HTTP protocol. Crafted traffic can cause excessive processing time of HTTP headers, leading to denial of service. This issue is addressed in 0.5.46.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/OISF/libhtp/commit/20ac301d801cdf01b3f021cca08a22a87f477c4a Patch
https://github.com/OISF/libhtp/security/advisories/GHSA-f9wf-rrjj-qx8m Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GOCOBFUTIFHOP2PZOH4ENRFXRBHIRKK4/ Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXJIT7R53ZXROO3I256RFUWTIW4ECK6P/ Mailing List
https://redmine.openinfosecfoundation.org/issues/6444 Exploit
https://github.com/OISF/libhtp/commit/20ac301d801cdf01b3f021cca08a22a87f477c4a Patch
https://github.com/OISF/libhtp/security/advisories/GHSA-f9wf-rrjj-qx8m Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GOCOBFUTIFHOP2PZOH4ENRFXRBHIRKK4/ Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXJIT7R53ZXROO3I256RFUWTIW4ECK6P/ Mailing List
https://redmine.openinfosecfoundation.org/issues/6444 Exploit
Configurations

Configuration 1 (hide)

cpe:2.3:a:oisf:libhtp:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
History

07 Feb 2025, 17:35

Type Values Removed Values Added
CPE cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
cpe:2.3:a:oisf:libhtp:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
First Time Fedoraproject fedora
Oisf
Oisf libhtp
Fedoraproject
References () https://github.com/OISF/libhtp/commit/20ac301d801cdf01b3f021cca08a22a87f477c4a - () https://github.com/OISF/libhtp/commit/20ac301d801cdf01b3f021cca08a22a87f477c4a - Patch
References () https://github.com/OISF/libhtp/security/advisories/GHSA-f9wf-rrjj-qx8m - () https://github.com/OISF/libhtp/security/advisories/GHSA-f9wf-rrjj-qx8m - Vendor Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GOCOBFUTIFHOP2PZOH4ENRFXRBHIRKK4/ - () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GOCOBFUTIFHOP2PZOH4ENRFXRBHIRKK4/ - Mailing List
References () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXJIT7R53ZXROO3I256RFUWTIW4ECK6P/ - () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXJIT7R53ZXROO3I256RFUWTIW4ECK6P/ - Mailing List
References () https://redmine.openinfosecfoundation.org/issues/6444 - () https://redmine.openinfosecfoundation.org/issues/6444 - Exploit

21 Nov 2024, 08:58

Type Values Removed Values Added
References () https://github.com/OISF/libhtp/commit/20ac301d801cdf01b3f021cca08a22a87f477c4a - () https://github.com/OISF/libhtp/commit/20ac301d801cdf01b3f021cca08a22a87f477c4a -
References () https://github.com/OISF/libhtp/security/advisories/GHSA-f9wf-rrjj-qx8m - () https://github.com/OISF/libhtp/security/advisories/GHSA-f9wf-rrjj-qx8m -
References () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GOCOBFUTIFHOP2PZOH4ENRFXRBHIRKK4/ - () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GOCOBFUTIFHOP2PZOH4ENRFXRBHIRKK4/ -
References () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXJIT7R53ZXROO3I256RFUWTIW4ECK6P/ - () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXJIT7R53ZXROO3I256RFUWTIW4ECK6P/ -
References () https://redmine.openinfosecfoundation.org/issues/6444 - () https://redmine.openinfosecfoundation.org/issues/6444 -

07 Mar 2024, 03:15

Type Values Removed Values Added
Summary
  • (es) LibHTP es un analizador consciente de la seguridad para el protocolo HTTP. El tráfico manipulado puede provocar un tiempo de procesamiento excesivo de los encabezados HTTP, lo que lleva a la denegación de servicio. Este problema se aborda en 0.5.46.
References
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GOCOBFUTIFHOP2PZOH4ENRFXRBHIRKK4/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXJIT7R53ZXROO3I256RFUWTIW4ECK6P/ -

26 Feb 2024, 16:32

Type Values Removed Values Added
New CVE
Information

Published : 2024-02-26 16:27

Updated : 2025-02-07 17:35

NVD link : CVE-2024-23837

Mitre link : CVE-2024-23837

CVE.ORG link : CVE-2024-23837

JSON object : View

Products Affected

oisf

  • libhtp

fedoraproject

  • fedora
CWE
CWE-770

Allocation of Resources Without Limits or Throttling