PT-2024-2334 · Libhtp+3 · Libhtp+3

Published: 2024-02-08 · Updated: 2025-12-04 · CVE-2024-23837

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions: LibHTP versions prior to 0.5.46

Description: The issue is related to excessive processing time of HTTP headers. A remote attacker can exploit it by sending crafted traffic to cause a denial of service.

Recommendations: Update to version 0.5.46 to resolve the issue. As a temporary workaround, consider restricting the processing of HTTP headers to minimize the risk of exploitation.

Exploit

Fix

DoS

Allocation of Resources Without Limits

Weakness Enumeration

Related Identifiers

BDU:2024-02277
CVE-2024-23837
DLA-4295-1
GHSA-F9WF-RRJJ-QX8M
OPENSUSE-SU-2024:0150-1
OPENSUSE-SU-2024:0150-2
OPENSUSE-SU-2024:13706-1
USN-7814-1

Affected Products

Debian
Libhtp
Linuxmint
Ubuntu