CVE-2024-28871 - Vulnerability Details - OpenCVE

ReportizFlow

LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. Version 0.5.46 may parse malformed request traffic, leading to excessive CPU usage. Version 0.5.47 contains a patch for the issue. No known workarounds are available.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
https://github.com/OISF/libhtp/commit/79e713f3e527593a45f545e854cd9e6fbb3cd3ed
https://github.com/OISF/libhtp/commit/bf618ec7f243cebfb0f7e84c3cb158955cb32b4d
https://github.com/OISF/libhtp/security/advisories/GHSA-ffr2-45w9-7wmg
https://redmine.openinfosecfoundation.org/issues/6757

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-04-04T14:46:02.803Z

Updated: 2024-08-26T20:45:59.274Z

Reserved: 2024-03-11T22:45:07.688Z

Link: CVE-2024-28871

Vulnrichment

Updated: 2024-08-02T00:56:58.322Z

NVD

Status : Awaiting Analysis

Published: 2024-04-04T15:15:38.647

Modified: 2024-11-21T09:07:05.180

Link: CVE-2024-28871

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-28871", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-03-11T22:45:07.688Z", "datePublished": "2024-04-04T14:46:02.803Z", "dateUpdated": "2024-08-26T20:45:59.274Z"}, "containers": {"cna": {"title": "Excessive CPU used on malformed traffic", "problemTypes": [{"descriptions": [{"cweId": "CWE-770", "lang": "en", "description": "CWE-770: Allocation of Resources Without Limits or Throttling", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/OISF/libhtp/security/advisories/GHSA-ffr2-45w9-7wmg", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/OISF/libhtp/security/advisories/GHSA-ffr2-45w9-7wmg"}, {"name": "https://github.com/OISF/libhtp/commit/79e713f3e527593a45f545e854cd9e6fbb3cd3ed", "tags": ["x_refsource_MISC"], "url": "https://github.com/OISF/libhtp/commit/79e713f3e527593a45f545e854cd9e6fbb3cd3ed"}, {"name": "https://github.com/OISF/libhtp/commit/bf618ec7f243cebfb0f7e84c3cb158955cb32b4d", "tags": ["x_refsource_MISC"], "url": "https://github.com/OISF/libhtp/commit/bf618ec7f243cebfb0f7e84c3cb158955cb32b4d"}, {"name": "https://redmine.openinfosecfoundation.org/issues/6757", "tags": ["x_refsource_MISC"], "url": "https://redmine.openinfosecfoundation.org/issues/6757"}], "affected": [{"vendor": "OISF", "product": "libhtp", "versions": [{"version": "= 0.5.46", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-04-04T14:46:02.803Z"}, "descriptions": [{"lang": "en", "value": "LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. Version 0.5.46 may parse malformed request traffic, leading to excessive CPU usage. Version 0.5.47 contains a patch for the issue. No known workarounds are available."}], "source": {"advisory": "GHSA-ffr2-45w9-7wmg", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:56:58.322Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/OISF/libhtp/security/advisories/GHSA-ffr2-45w9-7wmg", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/OISF/libhtp/security/advisories/GHSA-ffr2-45w9-7wmg"}, {"name": "https://github.com/OISF/libhtp/commit/79e713f3e527593a45f545e854cd9e6fbb3cd3ed", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/OISF/libhtp/commit/79e713f3e527593a45f545e854cd9e6fbb3cd3ed"}, {"name": "https://github.com/OISF/libhtp/commit/bf618ec7f243cebfb0f7e84c3cb158955cb32b4d", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/OISF/libhtp/commit/bf618ec7f243cebfb0f7e84c3cb158955cb32b4d"}, {"name": "https://redmine.openinfosecfoundation.org/issues/6757", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://redmine.openinfosecfoundation.org/issues/6757"}]}, {"affected": [{"vendor": "oisf", "product": "libhtp", "cpes": ["cpe:2.3:a:oisf:libhtp:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0.5.46", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-04-04T15:49:46.678225Z", "id": "CVE-2024-28871", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-26T20:45:59.274Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/OISF/libhtp/security/advisories/GHSA-ffr2-45w9-7wmg", "name": "https://github.com/OISF/libhtp/security/advisories/GHSA-ffr2-45w9-7wmg", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/OISF/libhtp/commit/79e713f3e527593a45f545e854cd9e6fbb3cd3ed", "name": "https://github.com/OISF/libhtp/commit/79e713f3e527593a45f545e854cd9e6fbb3cd3ed", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/OISF/libhtp/commit/bf618ec7f243cebfb0f7e84c3cb158955cb32b4d", "name": "https://github.com/OISF/libhtp/commit/bf618ec7f243cebfb0f7e84c3cb158955cb32b4d", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://redmine.openinfosecfoundation.org/issues/6757", "name": "https://redmine.openinfosecfoundation.org/issues/6757", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:56:58.322Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-28871", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-04T15:49:46.678225Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:oisf:libhtp:*:*:*:*:*:*:*:*"], "vendor": "oisf", "product": "libhtp", "versions": [{"status": "affected", "version": "0.5.46"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-26T20:45:37.618Z"}}], "cna": {"title": "Excessive CPU used on malformed traffic", "source": {"advisory": "GHSA-ffr2-45w9-7wmg", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "OISF", "product": "libhtp", "versions": [{"status": "affected", "version": "= 0.5.46"}]}], "references": [{"url": "https://github.com/OISF/libhtp/security/advisories/GHSA-ffr2-45w9-7wmg", "name": "https://github.com/OISF/libhtp/security/advisories/GHSA-ffr2-45w9-7wmg", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/OISF/libhtp/commit/79e713f3e527593a45f545e854cd9e6fbb3cd3ed", "name": "https://github.com/OISF/libhtp/commit/79e713f3e527593a45f545e854cd9e6fbb3cd3ed", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/OISF/libhtp/commit/bf618ec7f243cebfb0f7e84c3cb158955cb32b4d", "name": "https://github.com/OISF/libhtp/commit/bf618ec7f243cebfb0f7e84c3cb158955cb32b4d", "tags": ["x_refsource_MISC"]}, {"url": "https://redmine.openinfosecfoundation.org/issues/6757", "name": "https://redmine.openinfosecfoundation.org/issues/6757", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. Version 0.5.46 may parse malformed request traffic, leading to excessive CPU usage. Version 0.5.47 contains a patch for the issue. No known workarounds are available."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-770", "description": "CWE-770: Allocation of Resources Without Limits or Throttling"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-04-04T14:46:02.803Z"}}}, "cveMetadata": {"cveId": "CVE-2024-28871", "state": "PUBLISHED", "dateUpdated": "2024-08-26T20:45:59.274Z", "dateReserved": "2024-03-11T22:45:07.688Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-04-04T14:46:02.803Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. Version 0.5.46 may parse malformed request traffic, leading to excessive CPU usage. Version 0.5.47 contains a patch for the issue. No known workarounds are available."}, {"lang": "es", "value": "LibHTP es un analizador consciente de la seguridad para el protocolo HTTP y los bits y piezas relacionados. La versi\u00f3n 0.5.46 puede analizar el tr\u00e1fico de solicitudes con formato incorrecto, lo que provoca un uso excesivo de la CPU. La versi\u00f3n 0.5.47 contiene un parche para el problema. No hay workarounds disponibles."}], "id": "CVE-2024-28871", "lastModified": "2024-11-21T09:07:05.180", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "[email protected]", "type": "Secondary"}]}, "published": "2024-04-04T15:15:38.647", "references": [{"source": "[email protected]", "url": "https://github.com/OISF/libhtp/commit/79e713f3e527593a45f545e854cd9e6fbb3cd3ed"}, {"source": "[email protected]", "url": "https://github.com/OISF/libhtp/commit/bf618ec7f243cebfb0f7e84c3cb158955cb32b4d"}, {"source": "[email protected]", "url": "https://github.com/OISF/libhtp/security/advisories/GHSA-ffr2-45w9-7wmg"}, {"source": "[email protected]", "url": "https://redmine.openinfosecfoundation.org/issues/6757"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/OISF/libhtp/commit/79e713f3e527593a45f545e854cd9e6fbb3cd3ed"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/OISF/libhtp/commit/bf618ec7f243cebfb0f7e84c3cb158955cb32b4d"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/OISF/libhtp/security/advisories/GHSA-ffr2-45w9-7wmg"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://redmine.openinfosecfoundation.org/issues/6757"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-770"}], "source": "[email protected]", "type": "Secondary"}]}