CVE-2024-23837

Published: 26 February 2024

LibHTP is a security-aware parser for the HTTP protocol. Crafted traffic can cause excessive processing time of HTTP headers, leading to denial of service. This issue is addressed in 0.5.46.

Priority

Status

Package	Release	Status
libhtp Launchpad, Ubuntu, Debian	bionic	Needs triage
	focal	Needs triage
	jammy	Needs triage
	mantic	Ignored (end of life, was needs-triage)
	noble	Needs triage
	trusty	Ignored (end of standard support)
	upstream	Released (1:0.5.46-1)
	xenial	Needs triage

References

https://github.com/OISF/libhtp/security/advisories/GHSA-f9wf-rrjj-qx8m
https://github.com/OISF/libhtp/commit/20ac301d801cdf01b3f021cca08a22a87f477c4a (0.5.46)
https://redmine.openinfosecfoundation.org/issues/6444
https://github.com/OISF/libhtp/commit/20ac301d801cdf01b3f021cca08a22a87f477c4a
https://www.cve.org/CVERecord?id=CVE-2024-23837
NVD
Launchpad
Debian

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.