{"id":"CVE-2024-23837","summary":"LibHTP unbounded folded header handling leads to denial of service","details":"LibHTP is a security-aware parser for the HTTP protocol. Crafted traffic can cause excessive processing time of HTTP headers, leading to denial of service. This issue is addressed in 0.5.46.","aliases":["GHSA-f9wf-rrjj-qx8m"],"modified":"2026-04-10T05:10:37.523158Z","published":"2024-02-26T16:17:24.372Z","related":["openSUSE-SU-2024:0150-1","openSUSE-SU-2024:0150-2","openSUSE-SU-2024:13706-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/23xxx/CVE-2024-23837.json","cna_assigner":"GitHub_M","cwe_ids":["CWE-770"]},"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/09/msg00009.html"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GOCOBFUTIFHOP2PZOH4ENRFXRBHIRKK4/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXJIT7R53ZXROO3I256RFUWTIW4ECK6P/"},{"type":"WEB","url":"https://redmine.openinfosecfoundation.org/issues/6444"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/23xxx/CVE-2024-23837.json"},{"type":"ADVISORY","url":"https://github.com/OISF/libhtp/security/advisories/GHSA-f9wf-rrjj-qx8m"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-23837"},{"type":"FIX","url":"https://github.com/OISF/libhtp/commit/20ac301d801cdf01b3f021cca08a22a87f477c4a"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/oisf/libhtp","events":[{"introduced":"0"},{"fixed":"3b9ed734874e8bf64f1239abac42f77e99cfd906"}]}],"versions":["0.5.0","0.5.1","0.5.10","0.5.11","0.5.12","0.5.13","0.5.14","0.5.15","0.5.16","0.5.17","0.5.18","0.5.19","0.5.2","0.5.20","0.5.21","0.5.22","0.5.23","0.5.24","0.5.25","0.5.26","0.5.27","0.5.28","0.5.29","0.5.3","0.5.30","0.5.31","0.5.32","0.5.33","0.5.34","0.5.3
5","0.5.36","0.5.37","0.5.38","0.5.39","0.5.4","0.5.40","0.5.41","0.5.42","0.5.43","0.5.44","0.5.45","0.5.5","0.5.6","0.5.7","0.5.8","0.5.9"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-23837.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}