CVE-2024-23837

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-23837

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-23837.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-23837

Related

Published

2024-02-26T16:27:57Z

Modified

2025-02-07T18:50:50.413231Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

LibHTP is a security-aware parser for the HTTP protocol. Crafted traffic can cause excessive processing time of HTTP headers, leading to denial of service. This issue is addressed in 0.5.46.

References

Affected packages

Debian:11 / libhtp

Package

Name: libhtp
Purl: pkg:deb/debian/libhtp?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:0.*

1:0.5.36-1

1:0.5.37-1~exp1

1:0.5.38-1~bpo11+1

1:0.5.38-1~exp1

1:0.5.38-1

1:0.5.39-1~bpo10+1

1:0.5.39-1~bpo11+1

1:0.5.39-1

1:0.5.40-1~bpo10+1

1:0.5.40-1~bpo11+1

1:0.5.40-1

1:0.5.41-1~bpo10+1

1:0.5.41-1~bpo11+1

1:0.5.41-1

1:0.5.42-1~bpo11+1

1:0.5.42-1

1:0.5.43-1

1:0.5.44-1

1:0.5.45-1~bpo11+1

1:0.5.45-1~bpo12+1

1:0.5.45-1

1:0.5.46-1~bpo12+1

1:0.5.46-1

1:0.5.47-1

1:0.5.48-1~bpo11+1

1:0.5.48-1~bpo12+1

1:0.5.48-1

1:0.5.48-2

1:0.5.49-1~bpo12+1

1:0.5.49-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / libhtp

Package

Name: libhtp
Purl: pkg:deb/debian/libhtp?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:0.*

1:0.5.42-1

1:0.5.43-1

1:0.5.44-1

1:0.5.45-1~bpo11+1

1:0.5.45-1~bpo12+1

1:0.5.45-1

1:0.5.46-1~bpo12+1

1:0.5.46-1

1:0.5.47-1

1:0.5.48-1~bpo11+1

1:0.5.48-1~bpo12+1

1:0.5.48-1

1:0.5.48-2

1:0.5.49-1~bpo12+1

1:0.5.49-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / libhtp

Package

Name: libhtp
Purl: pkg:deb/debian/libhtp?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:0.5.46-1

Affected versions

1:0.*

1:0.5.42-1

1:0.5.43-1

1:0.5.44-1

1:0.5.45-1~bpo11+1

1:0.5.45-1~bpo12+1

1:0.5.45-1

1:0.5.46-1~bpo12+1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/oisf/libhtp

Affected ranges

Type: GIT
Repo: https://github.com/oisf/libhtp
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

20ac301d801cdf01b3f021cca08a22a87f477c4a

Fixed

20ac301d801cdf01b3f021cca08a22a87f477c4a

Affected versions

0.*

0.2.5

0.5.0

0.5.1

0.5.10

0.5.11

0.5.12

0.5.13

0.5.14

0.5.15

0.5.16

0.5.17

0.5.18

0.5.19

0.5.2

0.5.20

0.5.21

0.5.22

0.5.23

0.5.24

0.5.25

0.5.26

0.5.27

0.5.28

0.5.29

0.5.3

0.5.30

0.5.31

0.5.32

0.5.33

0.5.34

0.5.35

0.5.36

0.5.37

0.5.38

0.5.39

0.5.4

0.5.40

0.5.41

0.5.42

0.5.43

0.5.44

0.5.45

0.5.5

0.5.6

0.5.7

0.5.8

0.5.9