CVE-2024-23837

7.5 HIGH

Published: February 26, 2024 Modified: November 03, 2025

Description

LibHTP is a security-aware parser for the HTTP protocol. Crafted traffic can cause excessive processing time of HTTP headers, leading to denial of service. This issue is addressed in 0.5.46.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

https://github.com/OISF/libhtp/commit/20ac301d801cdf01b3f021cca08a22a87f477c4a

Source: security-advisories@github.com

Patch

https://github.com/OISF/libhtp/security/advisories/GHSA-f9wf-rrjj-qx8m

Source: security-advisories@github.com

Vendor Advisory

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GOCOBFUTIFHOP2PZOH4ENRFXRBHIRKK4/

Source: security-advisories@github.com

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXJIT7R53ZXROO3I256RFUWTIW4ECK6P/

Source: security-advisories@github.com

Mailing List

https://redmine.openinfosecfoundation.org/issues/6444

Source: security-advisories@github.com

Exploit

https://github.com/OISF/libhtp/commit/20ac301d801cdf01b3f021cca08a22a87f477c4a