HTTP Protocol Parser Vulnerability in LibHTP by Open Information Security Foundation
CVE-2024-28871

Currently unrated

What is CVE-2024-28871?

LibHTP is a security-focused parser for HTTP protocol traffic. Version 0.5.46 contains a flaw in how it handles malformed request traffic: processing such requests can consume excessive CPU resources, potentially resulting in denial of service. Users are advised to upgrade to version 0.5.47, which includes a patch for this issue. No workarounds are currently available.
