OISF LibHTP 0.5.26

CPE Details

OISF LibHTP 0.5.26
oisf
libhtp
0.5.26
2019-05-09
17h27 +00:00
2019-05-09
17h27 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:oisf:libhtp:0.5.26:*:*:*:*:*:*:*

Informations

Vendor

oisf

Product

libhtp

Version

0.5.26

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2024-23837 2024-02-26 16h17 +00:00 LibHTP is a security-aware parser for the HTTP protocol. Crafted traffic can cause excessive processing time of HTTP headers, leading to denial of service. This issue is addressed in 0.5.46.
7.5
High
CVE-2019-17420 2019-10-09 21h29 +00:00 In OISF LibHTP before 0.5.31, as used in Suricata 4.1.4 and other products, an HTTP protocol parsing error causes the http_header signature to not alert on a response with a single \r\n ending.
5.3
Medium
CVE-2018-10243 2019-04-04 13h10 +00:00 htp_parse_authorization_digest in htp_parsers.c in LibHTP 0.5.26 allows remote attackers to cause a heap-based buffer over-read via an authorization digest header.
9.8
Critical
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.