CVE-2024-45797: LibHTP's unbounded header handling leads to denial service
First published: Wed Oct 16 2024(Updated: )
LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. Prior to version 0.5.49, unbounded processing of HTTP request and response headers can lead to excessive CPU time and memory utilization, possibly leading to extreme slowdowns. This issue is addressed in 0.5.49.
Credit: security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| LibHTP | <0.5.49 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-45797?
CVE-2024-45797 is considered a high severity vulnerability due to its potential for excessive CPU and memory usage.
How do I fix CVE-2024-45797?
To fix CVE-2024-45797, upgrade to LibHTP version 0.5.49 or later.
What is the impact of CVE-2024-45797?
The impact of CVE-2024-45797 includes performance degradation due to unbounded processing of HTTP headers.
Which versions of LibHTP are affected by CVE-2024-45797?
CVE-2024-45797 affects versions of LibHTP prior to 0.5.49.
Who is the vendor for CVE-2024-45797?
The vendor for CVE-2024-45797 is LibHTP.
- agent/weakness
- agent/title
- agent/references
- agent/type
- agent/description
- agent/first-publish-date
- agent/severity
- agent/author
- agent/event
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/libhtp
- canonical/libhtp