VDB
CVE-2024-23837
CVE-2024-23837
PUBLISHED
CVSS 7.5 HIGH
LibHTP is a security-aware parser for the HTTP protocol. Crafted traffic can cause excessive processing time of HTTP headers, leading to denial of service. This issue is addressed in 0.5.46.
EPSS 0.27% · 50.5th percentile
Risk Scores
CVSS v3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
0.27%
50.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| OISF | libhtp | * |
| fedoraproject | fedora | 38, 39 |
| oisf | libhtp | 0 |
| fedoraproject | fedora | 38, 39 |
| oisf | libhtp | 0 |
Timeline
- Jan 21, 1970 Security Advisory
- Feb 26, 2024 CVE Published
- Feb 27, 2024 EPSS Score
- Mar 25, 2024 EPSS Score
- Apr 20, 2024 EPSS Score
- Jun 12, 2024 EPSS Score
- Jul 9, 2024 EPSS Score
- Aug 5, 2024 EPSS Score
- Aug 31, 2024 EPSS Score
- Sep 27, 2024 EPSS Score
- Oct 4, 2024 Coalition ESS Score
- Nov 19, 2024 EPSS Score
References
- https://support.kaspersky.com/vulnerability/list-of-advisories/12430#260324 advisory
- https://github.com/OISF/libhtp/security/advisories/GHSA-f9wf-rrjj-qx8m url
- https://github.com/OISF/libhtp/commit/20ac301d801cdf01b3f021cca08a22a87f477c4a url
- https://redmine.openinfosecfoundation.org/issues/6444 url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GOCOBFUTIFHOP2PZOH4ENRFXRBHIRKK4/ url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXJIT7R53ZXROO3I256RFUWTIW4ECK6P/ url
- https://lists.debian.org/debian-lts-announce/2025/09/msg00009.html url