cbcvebase.
CVE-2024-45797
published 2024-10-16

Priority: P339 high, 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.70% (48.7th percentile)

LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. Prior to version 0.5.49, unbounded processing of HTTP request and response headers can lead to excessive CPU time and memory utilization, possibly leading to extreme slowdowns. This issue is addressed in 0.5.49.

Affected

11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libhtp | < libhtp 1:0.5.42-1+deb12u1 (bookworm) | libhtp 1:0.5.42-1+deb12u1 (bookworm) |
| oisf | libhtp | < 0.5.49 | 0.5.49 |
| oisf | libhtp | >= 0 < 1:0.5.36-1+deb11u1 | 1:0.5.36-1+deb11u1 |
| oisf | libhtp | >= 0 < 1:0.5.42-1+deb12u1 | 1:0.5.42-1+deb12u1 |
| oisf | libhtp | >= 0 < 1:0.5.49-1 | 1:0.5.49-1 |
| oisf | libhtp | >= 0 < 1:0.5.49-1 | 1:0.5.49-1 |
| oisf | libhtp | >= 0 < 0.5.15-1ubuntu0.1~esm1 | 0.5.15-1ubuntu0.1~esm1 |
| oisf | libhtp | >= 0 < 1:0.5.26-1ubuntu0.1~esm1 | 1:0.5.26-1ubuntu0.1~esm1 |
| oisf | libhtp | >= 0 < 1:0.5.32-1ubuntu0.1~esm1 | 1:0.5.32-1ubuntu0.1~esm1 |
| oisf | libhtp | >= 0 < 1:0.5.39-1ubuntu0.1~esm1 | 1:0.5.39-1ubuntu0.1~esm1 |
| oisf | libhtp | >= 0 < 1:0.5.46-1ubuntu2+esm1 | 1:0.5.46-1ubuntu2+esm1 |

CVSS provenance

nvd: v3.1, 7.5 HIGH, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv: 7.5 HIGH
vendor_debian: 7.5 HIGH
vendor_ubuntu: 7.5 HIGH