Heap-Based Buffer Over-Read in LibHTP Affects Various Networking Applications
CVE-2018-10243

9.8CRITICAL

Key Information:

Vendor: Oisf
Status: Libhtp
Vendor: CVE Published:; 4 April 2019

What is CVE-2018-10243?

In LibHTP version 0.5.26, a vulnerability exists in the htp_parse_authorization_digest function within htp_parsers.c. This flaw can be exploited by remote attackers to perform a heap-based buffer over-read, potentially leading to unauthorized access or information leakage. Attackers may craft specific authorization digest headers to trigger this error, which poses a security risk to applications relying on LibHTP for network processing.

References

https://suricata-ids.org/2018/07/18/suricata-4-0-5-availa...

x_refsource_CONFIRM

https://lists.debian.org/debian-lts-announce/2019/04/msg0...

mailing-listx_refsource_MLIST

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 4, 2019
Vulnerability Reserved
Apr 20, 2018

Oisf

What is CVE-2018-10243?

References

CVSS V3.1

Timeline