CNVD-2024-14582
PUBLISHED
CVSS 7.5 HIGH
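LibHTP is a security-aware parser, used mainly for the HTTP protocol and related bits. LibHTP versions before 0.5.46 contain a denial-of-service vulnerability. The flaw stems from improper handling of erroneous input messages: crafted traffic may cause excessive processing time of HTTP headers, leading to denial of service.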
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| oisf | libhtp | 0 |
| OISF | libhtp | < 0.5.46 |
| fedoraproject | fedora | 38, 39 |
Exploit Intelligence
- CIRCL seen: CVE-2024-23837 (circl-sighting)
- https://lists.debian.org/debian-lts-announce/2025/09/msg00009.html (circl)
- https://github.com/OISF/libhtp/security/advisories/GHSA-f9wf-rrjj-qx8m (circl)
- https://github.com/OISF/libhtp/commit/20ac301d801cdf01b3f021cca08a22a87f477c4a (circl)
- https://redmine.openinfosecfoundation.org/issues/6444 (circl)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GOCOBFUTIFHOP2PZOH4ENRFXRBHIRKK4/ (circl)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXJIT7R53ZXROO3I256RFUWTIW4ECK6P/ (circl)
Timeline
- Feb 26, 2024 CVE Published
- Mar 14, 2024 CVE ID Reserved
- Mar 14, 2024 PoC Published
References
- https://github.com/OISF/libhtp/security/advisories/GHSA-f9wf-rrjj-qx8m url
- https://github.com/OISF/libhtp/commit/20ac301d801cdf01b3f021cca08a22a87f477c4a url
- https://redmine.openinfosecfoundation.org/issues/6444 url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GOCOBFUTIFHOP2PZOH4ENRFXRBHIRKK4/ url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXJIT7R53ZXROO3I256RFUWTIW4ECK6P/ url
- https://lists.debian.org/debian-lts-announce/2025/09/msg00009.html url