Vulnerability Description
LibHTP is a security-aware parser for the HTTP protocol. Crafted traffic can cause excessive processing time of HTTP headers, leading to denial of service. This issue is addressed in 0.5.46.
CVSS Score
7.5
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Oisf | Libhtp | < 0.5.46 |
| Fedoraproject | Fedora | 38 |
Related Weaknesses (CWE)
References
- https://github.com/OISF/libhtp/commit/20ac301d801cdf01b3f021cca08a22a87f477c4aPatch
- https://github.com/OISF/libhtp/security/advisories/GHSA-f9wf-rrjj-qx8mVendor Advisory
- https://lists.fedoraproject.org/archives/list/[email protected]Mailing List
- https://lists.fedoraproject.org/archives/list/[email protected]Mailing List
- https://redmine.openinfosecfoundation.org/issues/6444Exploit
- https://github.com/OISF/libhtp/commit/20ac301d801cdf01b3f021cca08a22a87f477c4aPatch
- https://github.com/OISF/libhtp/security/advisories/GHSA-f9wf-rrjj-qx8mVendor Advisory
- https://lists.debian.org/debian-lts-announce/2025/09/msg00009.html
- https://lists.fedoraproject.org/archives/list/[email protected]Mailing List
- https://lists.fedoraproject.org/archives/list/[email protected]Mailing List
- https://redmine.openinfosecfoundation.org/issues/6444Exploit
FAQ
What is CVE-2024-23837?
CVE-2024-23837 is a vulnerability with a CVSS score of 7.5 (HIGH). LibHTP is a security-aware parser for the HTTP protocol. Crafted traffic can cause excessive processing time of HTTP headers, leading to denial of service. This issue is addressed in 0.5.46.
How severe is CVE-2024-23837?
CVE-2024-23837 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-23837?
Check the references section above for vendor advisories and patch information. Affected products include: Oisf Libhtp, Fedoraproject Fedora.