CVE-2024-23837

Published: Feb 26, 2024Modified: Nov 3, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

LibHTP is a security-aware parser for the HTTP protocol. Crafted traffic can cause excessive processing time of HTTP headers, leading to denial of service. This issue is addressed in 0.5.46.

Affected (3)

Products: Oisf: Libhtp · Fedoraproject: Fedora

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Oisf Libhtp	Before 0.5.46

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 38
Fedoraproject Fedora	Version 39

Related CWEs

CWE-770

Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

References (11)

https://github.com/OISF/libhtp/commit/20ac301d801cdf01b3f021cca08a22a87f477c4a

Source: security-advisories@github.com

Patch

https://github.com/OISF/libhtp/security/advisories/GHSA-f9wf-rrjj-qx8m

Source: security-advisories@github.com

Vendor Advisory

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GOCOBFUTIFHOP2PZOH4ENRFXRBHIRKK4/

Source: security-advisories@github.com

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXJIT7R53ZXROO3I256RFUWTIW4ECK6P/

Source: security-advisories@github.com

Mailing List

https://redmine.openinfosecfoundation.org/issues/6444

Source: security-advisories@github.com

Exploit

https://github.com/OISF/libhtp/commit/20ac301d801cdf01b3f021cca08a22a87f477c4a