
CVE-2024-45797 – LibHTP's unbounded header handling leads to denial of service
https://notcve.org/view.php?id=CVE-2024-45797
02 Oct 2024 — LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. Prior to version 0.5.49, unbounded processing of HTTP request and response headers can lead to excessive CPU time and memory utilization, possibly leading to extreme slowdowns. This issue is addressed in 0.5.49. • https://github.com/OISF/libhtp/security/advisories/GHSA-rqqp-24ch-248f • CWE-770: Allocation of Resources Without Limits or Throttling

CVE-2024-28871 – Excessive CPU used on malformed traffic
https://notcve.org/view.php?id=CVE-2024-28871
20 Mar 2024 — LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. Version 0.5.46 may parse malformed request traffic, leading to excessive CPU usage. Version 0.5.47 contains a patch for the issue. No known workarounds are available. • https://github.com/OISF/libhtp/commit/79e713f3e527593a45f545e854cd9e6fbb3cd3ed • CWE-770: Allocation of Resources Without Limits or Throttling

CVE-2024-23837 – LibHTP unbounded folded header handling leads to denial of service
https://notcve.org/view.php?id=CVE-2024-23837
26 Feb 2024 — LibHTP is a security-aware parser for the HTTP protocol. Crafted traffic can cause excessive processing time of HTTP headers, leading to denial of service. This issue is addressed in 0.5.46. • https://github.com/OISF/libhtp/commit/20ac301d801cdf01b3f021cca08a22a87f477c4a • CWE-770: Allocation of Resources Without Limits or Throttling
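The three CWE-770 entries above (CVE-2024-45797, CVE-2024-28871 and CVE-2024-23837) describe the same failure mode: header processing whose cost grows with attacker-controlled input instead of being capped. The C program below is an added example, not LibHTP code, showing the shape of the fix: a header-block parser that accepts obs-fold continuation lines but enforces limits on field length, field count and total block size, and stops as soon as any limit is crossed, so the work done on hostile traffic is bounded by the limits rather than by the traffic. The limit values, function names and all sample inputs are constructed for illustration and are not LibHTP's.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical limits for this example; LibHTP's real values are not given
   on this page. What matters is that each one is enforced incrementally. */
#define MAX_HEADER_LINE  1024  /* bytes in one logical (unfolded) field */
#define MAX_HEADER_COUNT 64    /* fields per message */
#define MAX_HEADER_BYTES 8192  /* bytes in the whole header block */

enum hdr_result {
    HDR_OK = 0,
    HDR_INCOMPLETE,      /* no terminating blank line yet */
    HDR_MALFORMED,       /* fold before any field, or a field without ':' */
    HDR_TOO_MANY,        /* MAX_HEADER_COUNT exceeded */
    HDR_LINE_TOO_LONG,   /* MAX_HEADER_LINE exceeded after unfolding */
    HDR_BLOCK_TOO_LARGE  /* MAX_HEADER_BYTES exceeded */
};

struct hdr_stats { size_t count, folds, bytes; };  /* fields, obs-folds, bytes consumed */

/* Walk a header block (everything after the request/status line) up to and
   including the blank line that ends it; CRLF and bare LF are both accepted.
   A line starting with SP or HTAB is an obs-fold continuation of the previous
   field and is charged against that field's length, so a flood of short
   continuation lines is rejected exactly like one over-long line. Every limit
   is checked before any further work on the line, so the cost of rejecting
   hostile input is bounded by the limits, not by the amount of traffic. */
enum hdr_result parse_headers(const char *buf, size_t len, struct hdr_stats *st)
{
    size_t pos = 0, cur_len = 0;
    bool have_field = false;

    memset(st, 0, sizeof *st);
    while (pos < len) {
        const char *line = buf + pos;
        const char *nl = memchr(line, '\n', len - pos);
        if (nl == NULL)
            return HDR_INCOMPLETE;
        size_t line_len = (size_t)(nl - line);     /* without the LF */
        size_t consumed = line_len + 1;
        if (line_len > 0 && line[line_len - 1] == '\r')
            line_len--;                             /* strip the CR */

        st->bytes += consumed;
        if (st->bytes > MAX_HEADER_BYTES)
            return HDR_BLOCK_TOO_LARGE;
        if (line_len == 0)                          /* blank line: done */
            return HDR_OK;

        if (line[0] == ' ' || line[0] == '\t') {    /* obs-fold */
            if (!have_field)
                return HDR_MALFORMED;
            st->folds++;
            cur_len += line_len;
        } else {                                    /* new field */
            if (memchr(line, ':', line_len) == NULL)
                return HDR_MALFORMED;
            if (++st->count > MAX_HEADER_COUNT)
                return HDR_TOO_MANY;
            have_field = true;
            cur_len = line_len;
        }
        if (cur_len > MAX_HEADER_LINE)
            return HDR_LINE_TOO_LONG;
        pos += consumed;
    }
    return HDR_INCOMPLETE;
}

enum hdr_result parse_cstr(const char *s, struct hdr_stats *st)
{
    return parse_headers(s, strlen(s), st);
}

/* Constructed flood: `head` followed by `reps` copies of `unit` and the
   terminating blank line. Models the folded-header and header-count floods
   the advisories above describe; the buffer is freed before returning. */
enum hdr_result parse_flood(const char *head, const char *unit, size_t reps,
                            struct hdr_stats *st)
{
    size_t hl = strlen(head), ul = strlen(unit), len = hl + reps * ul + 2;
    char *buf = malloc(len);
    if (buf == NULL) {
        memset(st, 0, sizeof *st);
        return HDR_INCOMPLETE;
    }
    memcpy(buf, head, hl);
    for (size_t i = 0; i < reps; i++)
        memcpy(buf + hl + i * ul, unit, ul);
    memcpy(buf + hl + reps * ul, "\r\n", 2);
    enum hdr_result r = parse_headers(buf, len, st);
    free(buf);
    return r;
}

int main(void)
{
    struct hdr_stats st;
    enum hdr_result r = parse_flood("X-Test: y\r\n", " a\r\n", 100000, &st);
    printf("folded flood: result %d after %zu folds, %zu bytes\n", r, st.folds, st.bytes);
    r = parse_flood("", "H: v\r\n", 100000, &st);
    printf("field flood:  result %d after %zu fields, %zu bytes\n", r, st.count, st.bytes);
    return 0;
}
```

Against 100000 continuation lines the parser stops after 508 of them, the point at which the unfolded field exceeds MAX_HEADER_LINE, having consumed about 2 KB; against 100000 fields it stops at the 65th. The unbounded variant would instead touch every byte sent, which is the CPU-time growth the advisories describe.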

CVE-2019-17420
https://notcve.org/view.php?id=CVE-2019-17420
09 Oct 2019 — In OISF LibHTP before 0.5.31, as used in Suricata 4.1.4 and other products, an HTTP protocol parsing error causes the http_header signature to not alert on a response with a single \r\n ending. • https://github.com/OISF/libhtp/compare/0.5.30...0.5.31 • CWE-459: Incomplete Cleanup

CVE-2018-10243
https://notcve.org/view.php?id=CVE-2018-10243
04 Apr 2019 — htp_parse_authorization_digest in htp_parsers.c in LibHTP 0.5.26 allows remote attackers to cause a heap-based buffer over-read via an authorization digest header. • https://lists.debian.org/debian-lts-announce/2019/04/msg00010.html • CWE-125: Out-of-bounds Read
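The page gives no detail of the defect behind CVE-2018-10243 beyond its class: a heap over-read while parsing an Authorization: Digest header. The C program below is an added example, not LibHTP's htp_parse_authorization_digest, contrasting the unsafe scanning pattern that produces CWE-125 with a bounds-checked lookup of Digest parameters from a length-delimited buffer. The case a practitioner should test is the one shown in main: a header cut off inside a quoted value, where a scanner that looks for the closing quote without a length bound reads whatever follows the header in memory. Function names and all inputs are constructed for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* The unsafe pattern behind a heap over-read (CWE-125): scan for the closing
   quote with no length bound. If the header ends inside a quoted value this
   runs past the end of the buffer. Shown for contrast only; never called. */
const char *unsafe_quoted_end(const char *p)
{
    while (*p != '"')
        p++;
    return p;
}

static size_t skip_ws(const char *s, size_t len, size_t p)
{
    while (p < len && (s[p] == ' ' || s[p] == '\t'))
        p++;
    return p;
}

/* Look up parameter `name` in a Digest credentials string such as
   `Digest username="alice", realm="example.org", nonce=abc123`.
   The input is a length-delimited buffer that need not be NUL-terminated;
   every access is checked against `len`. On success returns the raw value
   length (quotes removed, backslash escapes left in place) and points *out at
   its first byte. Returns -1 if the parameter is absent or the header is
   malformed, including a quoted value that has no closing quote. */
int digest_param(const char *hdr, size_t len, const char *name, const char **out)
{
    size_t nlen = strlen(name), p = 0;

    /* Skip the scheme token ("Digest") and the whitespace after it. */
    while (p < len && hdr[p] != ' ' && hdr[p] != '\t')
        p++;
    p = skip_ws(hdr, len, p);

    while (p < len) {
        size_t kstart = p, klen, vstart, vlen;

        while (p < len && hdr[p] != '=' && hdr[p] != ',')
            p++;
        if (p >= len || hdr[p] != '=')
            return -1;                           /* key without a value */
        klen = p - kstart;
        while (klen > 0 && (hdr[kstart + klen - 1] == ' ' || hdr[kstart + klen - 1] == '\t'))
            klen--;
        p = skip_ws(hdr, len, p + 1);            /* step past '=' */

        if (p < len && hdr[p] == '"') {          /* quoted-string value */
            vstart = ++p;
            while (p < len && hdr[p] != '"') {
                if (hdr[p] == '\\' && p + 1 < len)
                    p++;                         /* escaped byte: skip the pair */
                p++;
            }
            if (p >= len)
                return -1;                       /* unterminated: the over-read case */
            vlen = p - vstart;
            p++;                                 /* closing quote */
        } else {                                 /* token value */
            vstart = p;
            while (p < len && hdr[p] != ',')
                p++;
            vlen = p - vstart;
            while (vlen > 0 && (hdr[vstart + vlen - 1] == ' ' || hdr[vstart + vlen - 1] == '\t'))
                vlen--;
        }

        if (klen == nlen && memcmp(hdr + kstart, name, nlen) == 0) {
            *out = hdr + vstart;
            return (int)vlen;
        }
        /* Advance to the next parameter: separator plus surrounding whitespace. */
        p = skip_ws(hdr, len, p);
        if (p < len && hdr[p] == ',')
            p++;
        p = skip_ws(hdr, len, p);
    }
    return -1;
}

int main(void)
{
    /* Constructed inputs. `cut` is passed with a length that ends inside the
       quoted value; the bytes after that length stand in for whatever happens
       to follow the header in memory. */
    const char ok[] = "Digest username=\"alice\", realm=\"example.org\", nonce=abc123";
    const char cut[] = "Digest username=\"alice\"JUNK";
    const char *v;
    int n = digest_param(ok, sizeof ok - 1, "realm", &v);
    printf("realm -> %.*s (%d bytes)\n", n, v, n);
    n = digest_param(cut, 22, "username", &v);
    printf("truncated header -> %d\n", n);
    return 0;
}
```

The property being demonstrated is that the parser's behaviour depends only on the bytes inside `len`: passing `cut` with length 22 (ending at the `e` of `alice`) yields -1, while length 23 (including the closing quote) yields the 5-byte value, and at no point is a byte beyond `len` examined.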

CVE-2015-0928
https://notcve.org/view.php?id=CVE-2015-0928
28 Aug 2017 — libhtp 0.5.15 allows remote attackers to cause a denial of service (NULL pointer dereference). • http://www.securityfocus.com/bid/73117 • CWE-476: NULL Pointer Dereference