CVE-2024-23837
published 2024-02-26

Priority: P3, 38, high, 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 1.19% (64.1th percentile)

LibHTP is a security-aware parser for the HTTP protocol. Crafted traffic can cause excessive processing time of HTTP headers, leading to denial of service. This issue is addressed in 0.5.46.

Affected

13 ranges
Vendor | Product | Version range | Fixed in
debian | libhtp | < libhtp 1:0.5.42-1+deb12u1 (bookworm) | libhtp 1:0.5.42-1+deb12u1 (bookworm)
fedoraproject | fedora | |
fedoraproject | fedora | |
oisf | libhtp | < 0.5.46 | 0.5.46
oisf | libhtp | >= 0 < 1:0.5.36-1+deb11u1 | 1:0.5.36-1+deb11u1
oisf | libhtp | >= 0 < 1:0.5.42-1+deb12u1 | 1:0.5.42-1+deb12u1
oisf | libhtp | >= 0 < 1:0.5.46-1 | 1:0.5.46-1
oisf | libhtp | >= 0 < 1:0.5.46-1 | 1:0.5.46-1
oisf | libhtp | >= 0 < 0.5.15-1ubuntu0.1~esm1 | 0.5.15-1ubuntu0.1~esm1
oisf | libhtp | >= 0 < 1:0.5.26-1ubuntu0.1~esm1 | 1:0.5.26-1ubuntu0.1~esm1
oisf | libhtp | >= 0 < 1:0.5.32-1ubuntu0.1~esm1 | 1:0.5.32-1ubuntu0.1~esm1
oisf | libhtp | >= 0 < 1:0.5.39-1ubuntu0.1~esm1 | 1:0.5.39-1ubuntu0.1~esm1
oisf | libhtp | >= 0 < 1:0.5.46-1ubuntu2+esm1 | 1:0.5.46-1ubuntu2+esm1

CVSS provenance

nvd: v3.1, 7.5 HIGH, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv: 7.5 HIGH
vendor_debian: 7.5 HIGH
vendor_ubuntu: 7.5 HIGH