CVE-2024-45797
Published 2024-10-16
Priority P339 high 7.5 CVSS 3.1
AV:N / AC:L / PR:N / UI:N / S:U / C:N / I:N / A:H
EPSS: 0.70% (48.7th percentile)
LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. Prior to version 0.5.49, unbounded processing of HTTP request and response headers can lead to excessive CPU time and memory utilization, possibly leading to extreme slowdowns. This issue is addressed in 0.5.49.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libhtp | < libhtp 1:0.5.42-1+deb12u1 (bookworm) | libhtp 1:0.5.42-1+deb12u1 (bookworm) |
| oisf | libhtp | < 0.5.49 | 0.5.49 |
| oisf | libhtp | >= 0 < 1:0.5.36-1+deb11u1 | 1:0.5.36-1+deb11u1 |
| oisf | libhtp | >= 0 < 1:0.5.42-1+deb12u1 | 1:0.5.42-1+deb12u1 |
| oisf | libhtp | >= 0 < 1:0.5.49-1 | 1:0.5.49-1 |
| oisf | libhtp | >= 0 < 1:0.5.49-1 | 1:0.5.49-1 |
| oisf | libhtp | >= 0 < 0.5.15-1ubuntu0.1~esm1 | 0.5.15-1ubuntu0.1~esm1 |
| oisf | libhtp | >= 0 < 1:0.5.26-1ubuntu0.1~esm1 | 1:0.5.26-1ubuntu0.1~esm1 |
| oisf | libhtp | >= 0 < 1:0.5.32-1ubuntu0.1~esm1 | 1:0.5.32-1ubuntu0.1~esm1 |
| oisf | libhtp | >= 0 < 1:0.5.39-1ubuntu0.1~esm1 | 1:0.5.39-1ubuntu0.1~esm1 |
| oisf | libhtp | >= 0 < 1:0.5.46-1ubuntu2+esm1 | 1:0.5.46-1ubuntu2+esm1 |
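CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| osv | | 7.5 | HIGH | |
| vendor_debian | | 7.5 | HIGH | |
| vendor_ubuntu | | 7.5 | HIGH | |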
Ubuntu
LibHTP vulnerabilities
vendor_ubuntu·2025-10-09·CVSS 7.5
CVE-2025-53537 [HIGH] LibHTP vulnerabilities
Title: LibHTP vulnerabilities
Summary: Several security issues were fixed in LibHTP.
It was discovered that LibHTP did not correctly handle certain HTTP
headers. A remote attacker could possibly use this issue to cause a denial
of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS,
Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2024-23837)
It was discovered that LibHTP did not correctly parse certain HTTP
requests. A remote attacker could possibly use this issue to cause a
denial of service. This issue only affected Ubuntu 20.04 LTS,
Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2024-28871)
It was discovered that LibHTP did not correctly parse certain HTTP
requests. A remote attacker could possibly use this issue to cause a
denial of service. (CVE-2024-45797)
It was disco
Debian
CVE-2024-45797: libhtp - LibHTP is a security-aware parser for the HTTP protocol and the related bits and...
vendor_debian·2024·CVSS 7.5
CVE-2024-45797 [HIGH] CVE-2024-45797: libhtp - LibHTP is a security-aware parser for the HTTP protocol and the related bits and...
LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. Prior to version 0.5.49, unbounded processing of HTTP request and response headers can lead to excessive CPU time and memory utilization, possibly leading to extreme slowdowns. This issue is addressed in 0.5.49.
Scope: local
bookworm: resolved (fixed in 1:0.5.42-1+deb12u1)
bullseye: resolved (fixed in 1:0.5.36-1+deb11u1)
forky: resolved (fixed in 1:0.5.49-1)
sid: resolved (fixed in 1:0.5.49-1)
trixie: resolved (fixed in 1:0.5.49-1)
OSV
libhtp vulnerabilities
osv·2025-10-09·CVSS 7.5
CVE-2024-23837 [HIGH] libhtp vulnerabilities
libhtp vulnerabilities
It was discovered that LibHTP did not correctly handle certain HTTP
headers. A remote attacker could possibly use this issue to cause a denial
of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS,
Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2024-23837)
It was discovered that LibHTP did not correctly parse certain HTTP
requests. A remote attacker could possibly use this issue to cause a
denial of service. This issue only affected Ubuntu 20.04 LTS,
Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2024-28871)
It was discovered that LibHTP did not correctly parse certain HTTP
requests. A remote attacker could possibly use this issue to cause a
denial of service. (CVE-2024-45797)
It was discovered that LibHTP did not correctly handle certain memory
opera
OSV
CVE-2024-45797: LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces
osv·2024-10-16·CVSS 7.5
CVE-2024-45797 [HIGH] CVE-2024-45797: LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces
LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. Prior to version 0.5.49, unbounded processing of HTTP request and response headers can lead to excessive CPU time and memory utilization, possibly leading to extreme slowdowns. This issue is addressed in 0.5.49.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2024-10-16