Search CVE reports
1 – 6 of 6 results
Some fixes available 6 of 7
LibHTP is a security-aware parser for the HTTP protocol and its related bits and pieces. In versions 0.5.50 and below, there is a traffic-induced memory leak that can starve the process of memory, leading to loss of visibility. To...
1 affected package
libhtp
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
libhtp | Fixed | Fixed | Fixed | Fixed |
Some fixes available 5 of 6
LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. Prior to version 0.5.49, unbounded processing of HTTP request and response headers can lead to excessive CPU time and memory utilization,...
1 affected package
libhtp
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
libhtp | Fixed | Fixed | Fixed | Fixed |
Some fixes available 3 of 5
LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. Version 0.5.46 may parse malformed request traffic, leading to excessive CPU usage. Version 0.5.47 contains a patch for the issue. No known...
1 affected package
libhtp
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
libhtp | Fixed | Fixed | Fixed | Not affected |
Some fixes available 4 of 6
LibHTP is a security-aware parser for the HTTP protocol. Crafted traffic can cause excessive processing time of HTTP headers, leading to denial of service. This issue is addressed in 0.5.46.
1 affected package
libhtp
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
libhtp | Not affected | Fixed | Fixed | Fixed |
In OISF LibHTP before 0.5.31, as used in Suricata 4.1.4 and other products, an HTTP protocol parsing error causes the http_header signature to not alert on a response with a single \r\n ending.
1 affected package
libhtp
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
libhtp | Not affected | Not affected | Not affected | Needs evaluation |
htp_parse_authorization_digest in htp_parsers.c in LibHTP 0.5.26 allows remote attackers to cause a heap-based buffer over-read via an authorization digest header.
3 affected packages
htp, libhtp, suricata
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
htp | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
libhtp | Not affected | Not affected | Not affected | Not affected |
suricata | Not affected | Not affected | Not in release | Vulnerable |