CVE-2024-23837

LibHTP is a security-aware parser for the HTTP protocol. Crafted traffic can cause excessive processing time of HTTP headers, leading to denial of service. This issue is addressed in 0.5.46.

References

Affected packages

Git / github.com/oisf/libhtp

Affected ranges

Type: GIT
Repo: https://github.com/oisf/libhtp
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

20ac301d801cdf01b3f021cca08a22a87f477c4a

Affected versions

0.*

0.2.5

0.5.0

0.5.1

0.5.10

0.5.11

0.5.12

0.5.13

0.5.14

0.5.15

0.5.16

0.5.17

0.5.18

0.5.19

0.5.2

0.5.20

0.5.21

0.5.22

0.5.23

0.5.24

0.5.25

0.5.26

0.5.27

0.5.28

0.5.29

0.5.3

0.5.30

0.5.31

0.5.32

0.5.33

0.5.34

0.5.35

0.5.36

0.5.37

0.5.38

0.5.39

0.5.4

0.5.40

0.5.41

0.5.42

0.5.43

0.5.44

0.5.45

0.5.5

0.5.6

0.5.7

0.5.8

0.5.9

Database specific

{
    "vanir_signatures": [
        {
            "deprecated": false,
            "signature_type": "Function",
            "source": "https://github.com/oisf/libhtp/commit/20ac301d801cdf01b3f021cca08a22a87f477c4a",
            "target": {
                "file": "htp/htp_request.c",
                "function": "htp_connp_REQ_HEADERS"
            },
            "signature_version": "v1",
            "digest": {
                "function_hash": "326996536456681381520762959134557183532",
                "length": 2341.0
            },
            "id": "CVE-2024-23837-37d33ccb"
        },
        {
            "deprecated": false,
            "signature_type": "Line",
            "source": "https://github.com/oisf/libhtp/commit/20ac301d801cdf01b3f021cca08a22a87f477c4a",
            "target": {
                "file": "htp/htp_request.c"
            },
            "signature_version": "v1",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "94699668142441883860001977988921385600",
                    "9343111614226818352166505047567412274",
                    "276571502925875683918506425351582911103",
                    "285604449002618065100796546582523376870",
                    "113555999883347393169974635474450608176",
                    "75331160813435535477058174706823975828"
                ]
            },
            "id": "CVE-2024-23837-d97369dc"
        },
        {
            "deprecated": false,
            "signature_type": "Function",
            "source": "https://github.com/oisf/libhtp/commit/20ac301d801cdf01b3f021cca08a22a87f477c4a",
            "target": {
                "file": "htp/htp_response.c",
                "function": "htp_connp_RES_HEADERS"
            },
            "signature_version": "v1",
            "digest": {
                "function_hash": "66881056776851135965698242475482980791",
                "length": 4288.0
            },
            "id": "CVE-2024-23837-e24f81a5"
        },
        {
            "deprecated": false,
            "signature_type": "Line",
            "source": "https://github.com/oisf/libhtp/commit/20ac301d801cdf01b3f021cca08a22a87f477c4a",
            "target": {
                "file": "htp/htp_response.c"
            },
            "signature_version": "v1",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "133036225453901820451721652519224656156",
                    "237260322100367246947276263599575851236",
                    "330700646841047790208413632344855916298",
                    "272617567149177778162421525676039124692",
                    "290096557333062269927278722753161954741",
                    "171000010392544289656399769411418539464",
                    "287923114168897523831744720864968961869"
                ]
            },
            "id": "CVE-2024-23837-e9a0086c"
        }
    ]
}