CVE-2024-28871

LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. Version 0.5.46 may parse malformed request traffic, leading to excessive CPU usage. Version 0.5.47 contains a patch for the issue. No known workarounds are available.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/OISF/libhtp/commit/79e713f3e527593a45f545e854cd9e6fbb3cd3ed	Patch
https://github.com/OISF/libhtp/commit/bf618ec7f243cebfb0f7e84c3cb158955cb32b4d	Patch
https://github.com/OISF/libhtp/security/advisories/GHSA-ffr2-45w9-7wmg	Vendor Advisory
https://redmine.openinfosecfoundation.org/issues/6757	Issue Tracking
https://github.com/OISF/libhtp/commit/79e713f3e527593a45f545e854cd9e6fbb3cd3ed	Patch
https://github.com/OISF/libhtp/commit/bf618ec7f243cebfb0f7e84c3cb158955cb32b4d	Patch
https://github.com/OISF/libhtp/security/advisories/GHSA-ffr2-45w9-7wmg	Vendor Advisory
https://redmine.openinfosecfoundation.org/issues/6757	Issue Tracking

Configurations

Configuration 1 (hide)

cpe:2.3:a:oisf:libhtp:0.5.46:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-04-04 15:15

Updated : 2025-06-30 14:54

NVD link : CVE-2024-28871

Mitre link : CVE-2024-28871

CVE.ORG link : CVE-2024-28871

JSON object : View

Products Affected

oisf

libhtp

CWE

CWE-770

Allocation of Resources Without Limits or Throttling

{"id": "CVE-2024-28871", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-04-04T15:15:38.647", "references": [{"url": "https://github.com/OISF/libhtp/commit/79e713f3e527593a45f545e854cd9e6fbb3cd3ed", "tags": ["Patch"], "source": "[email protected]"}, {"url": "https://github.com/OISF/libhtp/commit/bf618ec7f243cebfb0f7e84c3cb158955cb32b4d", "tags": ["Patch"], "source": "[email protected]"}, {"url": "https://github.com/OISF/libhtp/security/advisories/GHSA-ffr2-45w9-7wmg", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://redmine.openinfosecfoundation.org/issues/6757", "tags": ["Issue Tracking"], "source": "[email protected]"}, {"url": "https://github.com/OISF/libhtp/commit/79e713f3e527593a45f545e854cd9e6fbb3cd3ed", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/OISF/libhtp/commit/bf618ec7f243cebfb0f7e84c3cb158955cb32b4d", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/OISF/libhtp/security/advisories/GHSA-ffr2-45w9-7wmg", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://redmine.openinfosecfoundation.org/issues/6757", "tags": ["Issue Tracking"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-770"}]}], "descriptions": [{"lang": "en", "value": "LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. Version 0.5.46 may parse malformed request traffic, leading to excessive CPU usage. Version 0.5.47 contains a patch for the issue. No known workarounds are available."}, {"lang": "es", "value": "LibHTP es un analizador consciente de la seguridad para el protocolo HTTP y los bits y piezas relacionados. La versi\u00f3n 0.5.46 puede analizar el tr\u00e1fico de solicitudes con formato incorrecto, lo que provoca un uso excesivo de la CPU. La versi\u00f3n 0.5.47 contiene un parche para el problema. No hay workarounds disponibles."}], "lastModified": "2025-06-30T14:54:40.080", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oisf:libhtp:0.5.46:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "23444241-F9FB-411D-965A-76586A07A815"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}