
CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. Prior to version 0.5.49, unbounded processing of HTTP request and response headers can lead to excessive CPU time and memory utilization, possibly leading to extreme slowdowns. This issue is addressed in 0.5.49.
References:
- https://github.com/OISF/libhtp/security/advisories/GHSA-rqqp-24ch-248f
- https://redmine.openinfosecfoundation.org/issues/7191
CWE-770: Allocation of Resources Without Limits or Throttling

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. Version 0.5.46 may parse malformed request traffic, leading to excessive CPU usage. Version 0.5.47 contains a patch for the issue. No known workarounds are available.
References:
- https://github.com/OISF/libhtp/commit/79e713f3e527593a45f545e854cd9e6fbb3cd3ed
- https://github.com/OISF/libhtp/commit/bf618ec7f243cebfb0f7e84c3cb158955cb32b4d
- https://github.com/OISF/libhtp/security/advisories/GHSA-ffr2-45w9-7wmg
- https://redmine.openinfosecfoundation.org/issues/6757
CWE-770: Allocation of Resources Without Limits or Throttling

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

LibHTP is a security-aware parser for the HTTP protocol. Crafted traffic can cause excessive processing time of HTTP headers, leading to denial of service. This issue is addressed in 0.5.46.
References:
- https://github.com/OISF/libhtp/commit/20ac301d801cdf01b3f021cca08a22a87f477c4a
- https://github.com/OISF/libhtp/security/advisories/GHSA-f9wf-rrjj-qx8m
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GOCOBFUTIFHOP2PZOH4ENRFXRBHIRKK4
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXJIT7R53ZXROO3I256RFUWTIW4ECK6P
- https://redmine.openinfosecfoundation.org/issues/6444
CWE-770: Allocation of Resources Without Limits or Throttling

CVSS: 5.3 | EPSS: 0% | CPEs: 2 | EXPL: 0

In OISF LibHTP before 0.5.31, as used in Suricata 4.1.4 and other products, an HTTP protocol parsing error causes the http_header signature to not alert on a response with a single \r\n ending.
References:
- https://github.com/OISF/libhtp/compare/0.5.30...0.5.31
- https://github.com/OISF/libhtp/pull/213
- https://redmine.openinfosecfoundation.org/issues/2969
CWE-459: Incomplete Cleanup

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

htp_parse_authorization_digest in htp_parsers.c in LibHTP 0.5.26 allows remote attackers to cause a heap-based buffer over-read via an authorization digest header.
References:
- https://lists.debian.org/debian-lts-announce/2019/04/msg00010.html
- https://suricata-ids.org/2018/07/18/suricata-4-0-5-available
CWE-125: Out-of-bounds Read