As per the GitHub advisory [0], this seems to have been introduced in version 0.5.46 by commit bf618ec7 [1]. The fix can be found in commit 79e713f3 [2]. openSUSE:Factory/libhtp is affected by this issue. [0] https://github.com/OISF/libhtp/security/advisories/GHSA-ffr2-45w9-7wmg [1] https://github.com/OISF/libhtp/commit/bf618ec7f243cebfb0f7e84c3cb158955cb32b4d [2] https://github.com/OISF/libhtp/commit/79e713f3e527593a45f545e854cd9e6fbb3cd3ed