CVE-2024-45797

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-45797

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-45797.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-45797

Aliases

GHSA-rqqp-24ch-248f

Downstream

UBUNTU-CVE-2024-45797

Published

2024-10-16T19:15:27Z

Modified

2025-07-11T05:47:37.972002Z

Summary

[none]

Details

LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. Prior to version 0.5.49, unbounded processing of HTTP request and response headers can lead to excessive CPU time and memory utilization, possibly leading to extreme slowdowns. This issue is addressed in 0.5.49.

References

Affected packages

Debian:11 / libhtp

Package

Name: libhtp
Purl: pkg:deb/debian/libhtp?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:0.*

1:0.5.36-1

1:0.5.37-1~exp1

1:0.5.38-1~bpo11+1

1:0.5.38-1~exp1

1:0.5.38-1

1:0.5.39-1~bpo10+1

1:0.5.39-1~bpo11+1

1:0.5.39-1

1:0.5.40-1~bpo10+1

1:0.5.40-1~bpo11+1

1:0.5.40-1

1:0.5.41-1~bpo10+1

1:0.5.41-1~bpo11+1

1:0.5.41-1

1:0.5.42-1~bpo11+1

1:0.5.42-1

1:0.5.43-1

1:0.5.44-1

1:0.5.45-1~bpo11+1

1:0.5.45-1~bpo12+1

1:0.5.45-1

1:0.5.46-1~bpo12+1

1:0.5.46-1

1:0.5.47-1

1:0.5.48-1~bpo11+1

1:0.5.48-1~bpo12+1

1:0.5.48-1

1:0.5.48-2

1:0.5.49-1~bpo12+1

1:0.5.49-1

1:0.5.50-1~bpo12+1

1:0.5.50-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / libhtp

Package

Name: libhtp
Purl: pkg:deb/debian/libhtp?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:0.*

1:0.5.42-1

1:0.5.43-1

1:0.5.44-1

1:0.5.45-1~bpo11+1

1:0.5.45-1~bpo12+1

1:0.5.45-1

1:0.5.46-1~bpo12+1

1:0.5.46-1

1:0.5.47-1

1:0.5.48-1~bpo11+1

1:0.5.48-1~bpo12+1

1:0.5.48-1

1:0.5.48-2

1:0.5.49-1~bpo12+1

1:0.5.49-1

1:0.5.50-1~bpo12+1

1:0.5.50-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / libhtp

Package

Name: libhtp
Purl: pkg:deb/debian/libhtp?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:0.5.49-1

Affected versions

1:0.*

1:0.5.42-1

1:0.5.43-1

1:0.5.44-1

1:0.5.45-1~bpo11+1

1:0.5.45-1~bpo12+1

1:0.5.45-1

1:0.5.46-1~bpo12+1

1:0.5.46-1

1:0.5.47-1

1:0.5.48-1~bpo11+1

1:0.5.48-1~bpo12+1

1:0.5.48-1

1:0.5.48-2

1:0.5.49-1~bpo12+1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/oisf/libhtp

Affected ranges

Type: GIT
Repo: https://github.com/oisf/libhtp
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

b28eadc5fa6c51fec6079b106824a11b461fc4ee

Affected versions

0.*

0.2.5

0.5.0

0.5.1

0.5.10

0.5.11

0.5.12

0.5.13

0.5.14

0.5.15

0.5.16

0.5.17

0.5.18

0.5.19

0.5.2

0.5.20

0.5.21

0.5.22

0.5.23

0.5.24

0.5.25

0.5.26

0.5.27

0.5.28

0.5.29

0.5.3

0.5.30

0.5.31

0.5.32

0.5.33

0.5.34

0.5.35

0.5.36

0.5.37

0.5.38

0.5.39

0.5.4

0.5.40

0.5.41

0.5.42

0.5.43

0.5.44

0.5.45

0.5.46

0.5.47

0.5.48

0.5.5

0.5.6

0.5.7

0.5.8

0.5.9