[Bug 1231746] New: VUL-0: CVE-2024-45797: libhtp: unbounded header handling leads to denial of service
https://bugzilla.suse.com/show_bug.cgi?id=1231746

Bug ID: 1231746
Summary: VUL-0: CVE-2024-45797: libhtp: unbounded header handling leads to denial of service
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 15.6
Hardware: Other
URL: https://smash.suse.de/issue/424387/
OS: Other
Status: NEW
Severity: Major
Priority: P5 - None
Component: Security
Assignee: nix@opensuse.org
Reporter: smash_bz@suse.de
QA Contact: security-team@suse.de
CC: abergmann@suse.com
Target Milestone: ---
Found By: Security Response Team
Blocker: ---

LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. Prior to version 0.5.49, unbounded processing of HTTP request and response headers can lead to excessive CPU time and memory utilization, possibly leading to extreme slowdowns. This issue is addressed in 0.5.49.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-45797
https://www.cve.org/CVERecord?id=CVE-2024-45797
https://github.com/OISF/libhtp/security/advisories/GHSA-rqqp-24ch-248f
https://redmine.openinfosecfoundation.org/issues/7191

--
You are receiving this mail because:
You are on the CC list for the bug.

https://bugzilla.suse.com/show_bug.cgi?id=1231746

SMASH SMASH <smash_bz@suse.de> changed:

What       |Removed |Added
----------------------------------------------------------------------------
Whiteboard |        |CVSSv3.1:SUSE:CVE-2024-45797:7.5:(AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
           |        |CVSSv4:SUSE:CVE-2024-45797:8.7:(AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N)

https://bugzilla.suse.com/show_bug.cgi?id=1231746

SMASH SMASH <smash_bz@suse.de> changed:

What       |Removed   |Added
----------------------------------------------------------------------------
Priority   |P5 - None |P3 - Medium

participants (1)
-
bugzilla_noreply@suse.com