CVE-2024-28871 — Vulnetix

CVE-2024-28871 PUBLISHED CVSS 7.5 HIGH

LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. Version 0.5.46 may parse malformed request traffic, leading to excessive CPU usage. Version 0.5.47 contains a patch for the issue. No known workarounds are available.

EPSS 0.13% · 33.0th percentile

Risk Scores

CVSS 3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score

0.13%

33.0th percentile

Affected Products

Vendor	Product	Versions
oisf	libhtp	0.5.46
OISF	libhtp	= 0.5.46
oisf	libhtp	0.5.46

Exploit Intelligence

https://github.com/OISF/libhtp/security/advisories/GHSA-ffr2-45w9-7wmg (circl)
https://github.com/OISF/libhtp/commit/79e713f3e527593a45f545e854cd9e6fbb3cd3ed (circl)
https://github.com/OISF/libhtp/commit/bf618ec7f243cebfb0f7e84c3cb158955cb32b4d (circl)
https://redmine.openinfosecfoundation.org/issues/6757 (circl)

Timeline

Jan 21, 1970 Security Advisory
Apr 4, 2024 CVE Published
Apr 5, 2024 EPSS Score
Apr 30, 2024 EPSS Score
May 26, 2024 EPSS Score
Jul 15, 2024 EPSS Score
Aug 10, 2024 EPSS Score
Aug 26, 2024 CVE Updated
Sep 4, 2024 EPSS Score
Sep 29, 2024 EPSS Score
Oct 4, 2024 Coalition ESS Score
Oct 24, 2024 EPSS Score

References

https://github.com/OISF/libhtp/security/advisories/GHSA-ffr2-45w9-7wmg url
https://github.com/OISF/libhtp/commit/79e713f3e527593a45f545e854cd9e6fbb3cd3ed url
https://github.com/OISF/libhtp/commit/bf618ec7f243cebfb0f7e84c3cb158955cb32b4d url
https://redmine.openinfosecfoundation.org/issues/6757 url

Open in Interactive Console →