CVE-2024-23837 - Vulnerability Details - OpenCVE

ReportizFlow

LibHTP is a security-aware parser for the HTTP protocol. Crafted traffic can cause excessive processing time of HTTP headers, leading to denial of service. This issue is addressed in 0.5.46.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
https://github.com/OISF/libhtp/commit/20ac301d801cdf01b3f021cca08a22a87f477c4a
https://github.com/OISF/libhtp/security/advisories/GHSA-f9wf-rrjj-qx8m
https://lists.fedoraproject.org/archives/list/[email protected]/message/GOCOBFUTIFHOP2PZOH4ENRFXRBHIRKK4/
https://lists.fedoraproject.org/archives/list/[email protected]/message/ZXJIT7R53ZXROO3I256RFUWTIW4ECK6P/
https://redmine.openinfosecfoundation.org/issues/6444

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-02-26T16:17:24.372Z

Updated: 2024-08-12T14:57:03.079Z

Reserved: 2024-01-22T22:23:54.340Z

Link: CVE-2024-23837

Vulnrichment

Updated: 2024-08-01T23:13:08.238Z

NVD

Status : Awaiting Analysis

Published: 2024-02-26T16:27:57.897

Modified: 2024-11-21T08:58:31.960

Link: CVE-2024-23837

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-23837", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-01-22T22:23:54.340Z", "datePublished": "2024-02-26T16:17:24.372Z", "dateUpdated": "2024-08-12T14:57:03.079Z"}, "containers": {"cna": {"title": "LibHTP unbounded folded header handling leads to denial service", "problemTypes": [{"descriptions": [{"cweId": "CWE-770", "lang": "en", "description": "CWE-770: Allocation of Resources Without Limits or Throttling", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/OISF/libhtp/security/advisories/GHSA-f9wf-rrjj-qx8m", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/OISF/libhtp/security/advisories/GHSA-f9wf-rrjj-qx8m"}, {"name": "https://github.com/OISF/libhtp/commit/20ac301d801cdf01b3f021cca08a22a87f477c4a", "tags": ["x_refsource_MISC"], "url": "https://github.com/OISF/libhtp/commit/20ac301d801cdf01b3f021cca08a22a87f477c4a"}, {"name": "https://redmine.openinfosecfoundation.org/issues/6444", "tags": ["x_refsource_MISC"], "url": "https://redmine.openinfosecfoundation.org/issues/6444"}, {"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/GOCOBFUTIFHOP2PZOH4ENRFXRBHIRKK4/"}, {"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/ZXJIT7R53ZXROO3I256RFUWTIW4ECK6P/"}], "affected": [{"vendor": "OISF", "product": "libhtp", "versions": [{"version": "< 0.5.46", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-02-26T16:17:24.372Z"}, "descriptions": [{"lang": "en", "value": "LibHTP is a security-aware parser for the HTTP protocol. Crafted traffic can cause excessive processing time of HTTP headers, leading to denial of service. This issue is addressed in 0.5.46."}], "source": {"advisory": "GHSA-f9wf-rrjj-qx8m", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:13:08.238Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/OISF/libhtp/security/advisories/GHSA-f9wf-rrjj-qx8m", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/OISF/libhtp/security/advisories/GHSA-f9wf-rrjj-qx8m"}, {"name": "https://github.com/OISF/libhtp/commit/20ac301d801cdf01b3f021cca08a22a87f477c4a", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/OISF/libhtp/commit/20ac301d801cdf01b3f021cca08a22a87f477c4a"}, {"name": "https://redmine.openinfosecfoundation.org/issues/6444", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://redmine.openinfosecfoundation.org/issues/6444"}, {"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/GOCOBFUTIFHOP2PZOH4ENRFXRBHIRKK4/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/ZXJIT7R53ZXROO3I256RFUWTIW4ECK6P/", "tags": ["x_transferred"]}]}, {"affected": [{"vendor": "oisf", "product": "libhtp", "cpes": ["cpe:2.3:a:oisf:libhtp:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "0.5.46", "versionType": "custom"}]}, {"vendor": "fedoraproject", "product": "fedora", "cpes": ["cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "38", "status": "affected"}]}, {"vendor": "fedoraproject", "product": "fedora", "cpes": ["cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "39", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-12T14:54:41.216991Z", "id": "CVE-2024-23837", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-12T14:57:03.079Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/OISF/libhtp/security/advisories/GHSA-f9wf-rrjj-qx8m", "name": "https://github.com/OISF/libhtp/security/advisories/GHSA-f9wf-rrjj-qx8m", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/OISF/libhtp/commit/20ac301d801cdf01b3f021cca08a22a87f477c4a", "name": "https://github.com/OISF/libhtp/commit/20ac301d801cdf01b3f021cca08a22a87f477c4a", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://redmine.openinfosecfoundation.org/issues/6444", "name": "https://redmine.openinfosecfoundation.org/issues/6444", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/GOCOBFUTIFHOP2PZOH4ENRFXRBHIRKK4/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/ZXJIT7R53ZXROO3I256RFUWTIW4ECK6P/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:13:08.238Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-23837", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-12T14:54:41.216991Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:oisf:libhtp:*:*:*:*:*:*:*:*"], "vendor": "oisf", "product": "libhtp", "versions": [{"status": "affected", "version": "0", "lessThan": "0.5.46", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*"], "vendor": "fedoraproject", "product": "fedora", "versions": [{"status": "affected", "version": "38"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*"], "vendor": "fedoraproject", "product": "fedora", "versions": [{"status": "affected", "version": "39"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-12T14:56:39.920Z"}}], "cna": {"title": "LibHTP unbounded folded header handling leads to denial service", "source": {"advisory": "GHSA-f9wf-rrjj-qx8m", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "OISF", "product": "libhtp", "versions": [{"status": "affected", "version": "< 0.5.46"}]}], "references": [{"url": "https://github.com/OISF/libhtp/security/advisories/GHSA-f9wf-rrjj-qx8m", "name": "https://github.com/OISF/libhtp/security/advisories/GHSA-f9wf-rrjj-qx8m", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/OISF/libhtp/commit/20ac301d801cdf01b3f021cca08a22a87f477c4a", "name": "https://github.com/OISF/libhtp/commit/20ac301d801cdf01b3f021cca08a22a87f477c4a", "tags": ["x_refsource_MISC"]}, {"url": "https://redmine.openinfosecfoundation.org/issues/6444", "name": "https://redmine.openinfosecfoundation.org/issues/6444", "tags": ["x_refsource_MISC"]}, {"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/GOCOBFUTIFHOP2PZOH4ENRFXRBHIRKK4/"}, {"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/ZXJIT7R53ZXROO3I256RFUWTIW4ECK6P/"}], "descriptions": [{"lang": "en", "value": "LibHTP is a security-aware parser for the HTTP protocol. Crafted traffic can cause excessive processing time of HTTP headers, leading to denial of service. This issue is addressed in 0.5.46."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-770", "description": "CWE-770: Allocation of Resources Without Limits or Throttling"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-02-26T16:17:24.372Z"}}}, "cveMetadata": {"cveId": "CVE-2024-23837", "state": "PUBLISHED", "dateUpdated": "2024-08-12T14:57:03.079Z", "dateReserved": "2024-01-22T22:23:54.340Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-02-26T16:17:24.372Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "LibHTP is a security-aware parser for the HTTP protocol. Crafted traffic can cause excessive processing time of HTTP headers, leading to denial of service. This issue is addressed in 0.5.46."}, {"lang": "es", "value": "LibHTP es un analizador consciente de la seguridad para el protocolo HTTP. El tr\u00e1fico manipulado puede provocar un tiempo de procesamiento excesivo de los encabezados HTTP, lo que lleva a la denegaci\u00f3n de servicio. Este problema se aborda en 0.5.46."}], "id": "CVE-2024-23837", "lastModified": "2024-11-21T08:58:31.960", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "[email protected]", "type": "Secondary"}]}, "published": "2024-02-26T16:27:57.897", "references": [{"source": "[email protected]", "url": "https://github.com/OISF/libhtp/commit/20ac301d801cdf01b3f021cca08a22a87f477c4a"}, {"source": "[email protected]", "url": "https://github.com/OISF/libhtp/security/advisories/GHSA-f9wf-rrjj-qx8m"}, {"source": "[email protected]", "url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/GOCOBFUTIFHOP2PZOH4ENRFXRBHIRKK4/"}, {"source": "[email protected]", "url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/ZXJIT7R53ZXROO3I256RFUWTIW4ECK6P/"}, {"source": "[email protected]", "url": "https://redmine.openinfosecfoundation.org/issues/6444"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/OISF/libhtp/commit/20ac301d801cdf01b3f021cca08a22a87f477c4a"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/OISF/libhtp/security/advisories/GHSA-f9wf-rrjj-qx8m"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/GOCOBFUTIFHOP2PZOH4ENRFXRBHIRKK4/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/ZXJIT7R53ZXROO3I256RFUWTIW4ECK6P/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://redmine.openinfosecfoundation.org/issues/6444"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-770"}], "source": "[email protected]", "type": "Secondary"}]}