CVE-2024-45797 – LibHTP's unbounded header handling leads to denial of service
https://notcve.org/view.php?id=CVE-2024-45797
LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. Prior to version 0.5.49, unbounded processing of HTTP request and response headers can lead to excessive CPU time and memory utilization, possibly leading to extreme slowdowns. This issue is addressed in 0.5.49.
• https://github.com/OISF/libhtp/security/advisories/GHSA-rqqp-24ch-248f
• https://redmine.openinfosecfoundation.org/issues/7191
• CWE-770: Allocation of Resources Without Limits or Throttling
CVE-2024-28871 – Excessive CPU used on malformed traffic
https://notcve.org/view.php?id=CVE-2024-28871
LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. Version 0.5.46 may parse malformed request traffic, leading to excessive CPU usage. Version 0.5.47 contains a patch for the issue. No known workarounds are available.
• https://github.com/OISF/libhtp/commit/79e713f3e527593a45f545e854cd9e6fbb3cd3ed
• https://github.com/OISF/libhtp/commit/bf618ec7f243cebfb0f7e84c3cb158955cb32b4d
• https://github.com/OISF/libhtp/security/advisories/GHSA-ffr2-45w9-7wmg
• https://redmine.openinfosecfoundation.org/issues/6757
• CWE-770: Allocation of Resources Without Limits or Throttling