CVE-2024-45797— LibHTP's unbounded header handling leads to denial service
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-45797
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
LibHTP's unbounded header handling leads to denial service
Source: NVD (National Vulnerability Database)
Vulnerability Description
LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. Prior to version 0.5.49, unbounded processing of HTTP request and response headers can lead to excessive CPU time and memory utilization, possibly leading to extreme slowdowns. This issue is addressed in 0.5.49.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
不加限制或调节的资源分配
Source: NVD (National Vulnerability Database)
Vulnerability Title
LibHTP 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
LibHTP是Open Information Security基金会的一款安全感知解析器。该产品主要用于HTTP协议等。 LibHTP 0.5.49之前版本存在安全漏洞,该漏洞源于对HTTP请求和响应标头的没有进行限制,从而导致过多的CPU时间和内存利用率。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2024-45797
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2024-45797
请登录查看更多情报信息。
- https://redmine.openinfosecfoundation.org/issues/7191x_refsource_MISC
- https://github.com/OISF/libhtp/security/advisories/GHSA-rqqp-24ch-248fx_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2024-45797
Same Patch Batch · OISF · 2024-10-16 · 6 CVEs total
| CVE-2024-45795 | 7.5 HIGH | Suricata detect/datasets: reachable assertion with unimplemented rule option |
| CVE-2024-47188 | 7.5 HIGH | Suricata http/byte-ranges: missing hashtable random seed leads to potential DoS |
| CVE-2024-47522 | 7.5 HIGH | Suricata ja4: invalid alpn leads to panic |
| CVE-2024-47187 | 7.5 HIGH | Suricata datasets: missing hashtable random seed leads to potential DoS |
| CVE-2024-45796 | 5.3 MEDIUM | Suricata defrag: off by one can lead to policy bypass |
IV. Related Vulnerabilities
Same vendor: OISF
- CVE-2026-31937
Suricata dcerpc: quadratic complexity in dcerpc buffering - CVE-2026-31935
Suricata http2: unbounded resource consumption - CVE-2026-31934
Suricata smtp/mine: quadratic complexity in extracting urls - CVE-2026-31933
Suricata stream: quadratic complexity in stream inspection - CVE-2026-31932
Suricata krb5: quadratic complexity in krb5 buffering
Same weakness: CWE-770
- CVE-2026-42294
Argo Workflows: Unauthenticated Memory Exhaustion (DoS) in W - CVE-2026-42189
Russh: Pre-auth DoS via unbounded allocation in keyboard-int - CVE-2026-42793
Atom table exhaustion via attacker-controlled GraphQL SDL na - CVE-2026-44499
ZEBRA: Permanent Block Discovery Halt via Gossip Queue Satur - CVE-2026-44500
ZEBRA: Allocation Amplification in Inbound Network Deseriali
V. Comments for CVE-2024-45797
No comments yet