LibHTP is a security-aware parser for the HTTP protocol. Crafted traffic can cause excessive processing time of HTTP headers, leading to denial of service. This issue is addressed in 0.5.46.
CVSS Score
7.5
EPSS Score
0.003
Published
2024-02-26
In OISF LibHTP before 0.5.31, as used in Suricata 4.1.4 and other products, an HTTP protocol parsing error causes the http_header signature to not alert on a response with a single \r\n ending.
CVSS Score
5.3
EPSS Score
0.002
Published
2019-10-10
htp_parse_authorization_digest in htp_parsers.c in LibHTP 0.5.26 allows remote attackers to cause a heap-based buffer over-read via an authorization digest header.
CVSS Score
9.8
EPSS Score
0.008
Published
2019-04-04
libhtp 0.5.15 allows remote attackers to cause a denial of service (NULL pointer dereference).
CVSS Score
7.5
EPSS Score
0.008
Published
2017-08-28