CVE-2024-45797

Description

LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. Prior to version 0.5.49, unbounded processing of HTTP request and response headers can lead to excessive CPU time and memory utilization, possibly leading to extreme slowdowns. This issue is addressed in 0.5.49.

How to fix CVE-2024-45797

To remediate CVE-2024-45797, upgrade the affected package to a fixed version below.

Debian/libhtp—upgrade to 1:0.5.36-1+deb11u1 or later

Is CVE-2024-45797 being exploited?

Low — EPSS is 0.4%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

from 0, < 1:0.5.36-1+deb11u1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References (1)

ADVISORYsecurity-tracker.debian.org/tracker/CVE-2024-45797