CVE-2024-23837
libhtp - security update
CVSS 3.1: 7.5 (HIGH)
EPSS: 0.25%
Description
LibHTP is a security-aware parser for the HTTP protocol. Crafted traffic can cause excessive processing time of HTTP headers, leading to denial of service. This issue is addressed in 0.5.46.
How to fix CVE-2024-23837
To remediate CVE-2024-23837, upgrade the affected package to a fixed version below.
- Debian/libhtp—upgrade to 1:0.5.36-1+deb11u1 or later
- —upgrade to 1:0.5.36-1+deb11u1 or later
Is CVE-2024-23837 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 1:0.5.36-1+deb11u1
- from 0, < 1:0.5.36-1+deb11u1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |