Libhtp

libhtp

Vendor: Oisf • 7 CVEs

CVEs (7)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-53537 1Oisf 1Libhtp Aug 5, 2025 Jul 23, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 LibHTP is a security-aware parser for the HTTP protocol and its related bits and pieces. In versions 0.5.50 and below, there is a traffic-induced memory leak that can starve the process of memory, leading to loss of visi...Show more LibHTP is a security-aware parser for the HTTP protocol and its related bits and pieces. In versions 0.5.50 and below, there is a traffic-induced memory leak that can starve the process of memory, leading to loss of visibility. To workaround this issue, set `suricata.yaml app-layer.protocols.http.libhtp.default-config.lzma-enabled` to false. This issue is fixed in version 0.5.51.Show less
CVE-2024-45797 1Oisf 1Libhtp Nov 3, 2025 Oct 16, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. Prior to version 0.5.49, unbounded processing of HTTP request and response headers can lead to excessive CPU time and memory utiliz...Show more LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. Prior to version 0.5.49, unbounded processing of HTTP request and response headers can lead to excessive CPU time and memory utilization, possibly leading to extreme slowdowns. This issue is addressed in 0.5.49.Show less
CVE-2024-28871 1Oisf 1Libhtp Jun 30, 2025 Apr 4, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. Version 0.5.46 may parse malformed request traffic, leading to excessive CPU usage. Version 0.5.47 contains a patch for the issue....Show more LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. Version 0.5.46 may parse malformed request traffic, leading to excessive CPU usage. Version 0.5.47 contains a patch for the issue. No known workarounds are available.Show less
CVE-2024-23837 2Fedoraproject Oisf 2Fedora Libhtp Nov 3, 2025 Feb 26, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 LibHTP is a security-aware parser for the HTTP protocol. Crafted traffic can cause excessive processing time of HTTP headers, leading to denial of service. This issue is addressed in 0.5.46.
CVE-2019-17420 2Oisf Suricata Ids 2Libhtp Suricata Nov 21, 2024 Oct 10, 2019 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 In OISF LibHTP before 0.5.31, as used in Suricata 4.1.4 and other products, an HTTP protocol parsing error causes the http_header signature to not alert on a response with a single \r\n ending.
CVE-2018-10243 1Oisf 1Libhtp Nov 21, 2024 Apr 4, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 htp_parse_authorization_digest in htp_parsers.c in LibHTP 0.5.26 allows remote attackers to cause a heap-based buffer over-read via an authorization digest header.
CVE-2015-0928 1Oisf 1Libhtp May 13, 2026 Aug 28, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 libhtp 0.5.15 allows remote attackers to cause a denial of service (NULL pointer dereference).