CVE-2024-23837
Published 2024-02-26
Priority: P3 · 38 · high · 7.5 · CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 1.19% (64.1th percentile)
LibHTP is a security-aware parser for the HTTP protocol. Crafted traffic can cause excessive processing time of HTTP headers, leading to denial of service. This issue is addressed in 0.5.46.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libhtp | < libhtp 1:0.5.42-1+deb12u1 (bookworm) | libhtp 1:0.5.42-1+deb12u1 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| oisf | libhtp | < 0.5.46 | 0.5.46 |
| oisf | libhtp | >= 0 < 1:0.5.36-1+deb11u1 | 1:0.5.36-1+deb11u1 |
| oisf | libhtp | >= 0 < 1:0.5.42-1+deb12u1 | 1:0.5.42-1+deb12u1 |
| oisf | libhtp | >= 0 < 1:0.5.46-1 | 1:0.5.46-1 |
| oisf | libhtp | >= 0 < 1:0.5.46-1 | 1:0.5.46-1 |
| oisf | libhtp | >= 0 < 0.5.15-1ubuntu0.1~esm1 | 0.5.15-1ubuntu0.1~esm1 |
| oisf | libhtp | >= 0 < 1:0.5.26-1ubuntu0.1~esm1 | 1:0.5.26-1ubuntu0.1~esm1 |
| oisf | libhtp | >= 0 < 1:0.5.32-1ubuntu0.1~esm1 | 1:0.5.32-1ubuntu0.1~esm1 |
| oisf | libhtp | >= 0 < 1:0.5.39-1ubuntu0.1~esm1 | 1:0.5.39-1ubuntu0.1~esm1 |
| oisf | libhtp | >= 0 < 1:0.5.46-1ubuntu2+esm1 | 1:0.5.46-1ubuntu2+esm1 |
CVSS provenance
nvd·v3.1·7.5 HIGH·CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv·7.5 HIGH
vendor_debian·7.5 HIGH
vendor_ubuntu·7.5 HIGH
Ubuntu
LibHTP vulnerabilities
vendor_ubuntu·2025-10-09·CVSS 7.5
CVE-2025-53537 [HIGH] LibHTP vulnerabilities
Title: LibHTP vulnerabilities
Summary: Several security issues were fixed in LibHTP.
It was discovered that LibHTP did not correctly handle certain HTTP
headers. A remote attacker could possibly use this issue to cause a denial
of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS,
Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2024-23837)
It was discovered that LibHTP did not correctly parse certain HTTP
requests. A remote attacker could possibly use this issue to cause a
denial of service. This issue only affected Ubuntu 20.04 LTS,
Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2024-28871)
It was discovered that LibHTP did not correctly parse certain HTTP
requests. A remote attacker could possibly use this issue to cause a
denial of service. (CVE-2024-45797)
It was disco
Debian
CVE-2024-23837: libhtp - LibHTP is a security-aware parser for the HTTP protocol. Crafted traffic can cau...
vendor_debian·2024·CVSS 7.5
CVE-2024-23837 [HIGH] CVE-2024-23837: libhtp - LibHTP is a security-aware parser for the HTTP protocol. Crafted traffic can cau...
LibHTP is a security-aware parser for the HTTP protocol. Crafted traffic can cause excessive processing time of HTTP headers, leading to denial of service. This issue is addressed in 0.5.46.
Scope: local
bookworm: resolved (fixed in 1:0.5.42-1+deb12u1)
bullseye: resolved (fixed in 1:0.5.36-1+deb11u1)
forky: resolved (fixed in 1:0.5.46-1)
sid: resolved (fixed in 1:0.5.46-1)
trixie: resolved (fixed in 1:0.5.46-1)
OSV
libhtp vulnerabilities
osv·2025-10-09·CVSS 7.5
CVE-2024-23837 [HIGH] libhtp vulnerabilities
libhtp vulnerabilities
It was discovered that LibHTP did not correctly handle certain HTTP
headers. A remote attacker could possibly use this issue to cause a denial
of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS,
Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2024-23837)
It was discovered that LibHTP did not correctly parse certain HTTP
requests. A remote attacker could possibly use this issue to cause a
denial of service. This issue only affected Ubuntu 20.04 LTS,
Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2024-28871)
It was discovered that LibHTP did not correctly parse certain HTTP
requests. A remote attacker could possibly use this issue to cause a
denial of service. (CVE-2024-45797)
It was discovered that LibHTP did not correctly handle certain memory
opera
OSV
CVE-2024-23837: LibHTP is a security-aware parser for the HTTP protocol
osv·2024-02-26·CVSS 7.5
CVE-2024-23837 [HIGH] CVE-2024-23837: LibHTP is a security-aware parser for the HTTP protocol
LibHTP is a security-aware parser for the HTTP protocol. Crafted traffic can cause excessive processing time of HTTP headers, leading to denial of service. This issue is addressed in 0.5.46.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/OISF/libhtp/commit/20ac301d801cdf01b3f021cca08a22a87f477c4a
https://github.com/OISF/libhtp/security/advisories/GHSA-f9wf-rrjj-qx8m
https://lists.fedoraproject.org/archives/list/[email protected]/message/GOCOBFUTIFHOP2PZOH4ENRFXRBHIRKK4/
https://lists.fedoraproject.org/archives/list/[email protected]/message/ZXJIT7R53ZXROO3I256RFUWTIW4ECK6P/
https://redmine.openinfosecfoundation.org/issues/6444
https://lists.debian.org/debian-lts-announce/2025/09/msg00009.html
Published: 2024-02-26