DEBIAN-CVE-2024-45797

DEBIAN-CVE-2024-45797 PUBLISHED CVSS 7.5 HIGH

LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. Prior to version 0.5.49, unbounded processing of HTTP request and response headers can lead to excessive CPU time and memory utilization, possibly leading to extreme slowdowns. This issue is addressed in 0.5.49.

Risk Scores

CVSS v3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
Debian:13	libhtp	0, 0
Debian:11	libhtp	0, 0, 0.5.36-1
Debian:12	libhtp	0, 1:0.5.42-1, 0
Debian:14	libhtp	0, 0

Timeline

Oct 16, 2024 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2024-45797 advisory

Open in Interactive Console →