{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-28871", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-03-11T22:45:07.688Z", "datePublished": "2024-04-04T14:46:02.803Z", "dateUpdated": "2024-08-26T20:45:59.274Z"}, "containers": {"cna": {"title": "Excessive CPU used on malformed traffic", "problemTypes": [{"descriptions": [{"cweId": "CWE-770", "lang": "en", "description": "CWE-770: Allocation of Resources Without Limits or Throttling", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/OISF/libhtp/security/advisories/GHSA-ffr2-45w9-7wmg", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/OISF/libhtp/security/advisories/GHSA-ffr2-45w9-7wmg"}, {"name": "https://github.com/OISF/libhtp/commit/79e713f3e527593a45f545e854cd9e6fbb3cd3ed", "tags": ["x_refsource_MISC"], "url": "https://github.com/OISF/libhtp/commit/79e713f3e527593a45f545e854cd9e6fbb3cd3ed"}, {"name": "https://github.com/OISF/libhtp/commit/bf618ec7f243cebfb0f7e84c3cb158955cb32b4d", "tags": ["x_refsource_MISC"], "url": "https://github.com/OISF/libhtp/commit/bf618ec7f243cebfb0f7e84c3cb158955cb32b4d"}, {"name": "https://redmine.openinfosecfoundation.org/issues/6757", "tags": ["x_refsource_MISC"], "url": "https://redmine.openinfosecfoundation.org/issues/6757"}], "affected": [{"vendor": "OISF", "product": "libhtp", "versions": [{"version": "= 0.5.46", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-04-04T14:46:02.803Z"}, "descriptions": [{"lang": "en", "value": "LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. Version 0.5.46 may parse malformed request traffic, leading to excessive CPU usage. Version 0.5.47 contains a patch for the issue. No known workarounds are available."}], "source": {"advisory": "GHSA-ffr2-45w9-7wmg", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:56:58.322Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/OISF/libhtp/security/advisories/GHSA-ffr2-45w9-7wmg", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/OISF/libhtp/security/advisories/GHSA-ffr2-45w9-7wmg"}, {"name": "https://github.com/OISF/libhtp/commit/79e713f3e527593a45f545e854cd9e6fbb3cd3ed", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/OISF/libhtp/commit/79e713f3e527593a45f545e854cd9e6fbb3cd3ed"}, {"name": "https://github.com/OISF/libhtp/commit/bf618ec7f243cebfb0f7e84c3cb158955cb32b4d", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/OISF/libhtp/commit/bf618ec7f243cebfb0f7e84c3cb158955cb32b4d"}, {"name": "https://redmine.openinfosecfoundation.org/issues/6757", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://redmine.openinfosecfoundation.org/issues/6757"}]}, {"affected": [{"vendor": "oisf", "product": "libhtp", "cpes": ["cpe:2.3:a:oisf:libhtp:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0.5.46", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-04-04T15:49:46.678225Z", "id": "CVE-2024-28871", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-26T20:45:59.274Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/OISF/libhtp/security/advisories/GHSA-ffr2-45w9-7wmg", "name": "https://github.com/OISF/libhtp/security/advisories/GHSA-ffr2-45w9-7wmg", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/OISF/libhtp/commit/79e713f3e527593a45f545e854cd9e6fbb3cd3ed", "name": "https://github.com/OISF/libhtp/commit/79e713f3e527593a45f545e854cd9e6fbb3cd3ed", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/OISF/libhtp/commit/bf618ec7f243cebfb0f7e84c3cb158955cb32b4d", "name": "https://github.com/OISF/libhtp/commit/bf618ec7f243cebfb0f7e84c3cb158955cb32b4d", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://redmine.openinfosecfoundation.org/issues/6757", "name": "https://redmine.openinfosecfoundation.org/issues/6757", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:56:58.322Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-28871", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-04T15:49:46.678225Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:oisf:libhtp:*:*:*:*:*:*:*:*"], "vendor": "oisf", "product": "libhtp", "versions": [{"status": "affected", "version": "0.5.46"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-26T20:45:37.618Z"}}], "cna": {"title": "Excessive CPU used on malformed traffic", "source": {"advisory": "GHSA-ffr2-45w9-7wmg", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "OISF", "product": "libhtp", "versions": [{"status": "affected", "version": "= 0.5.46"}]}], "references": [{"url": "https://github.com/OISF/libhtp/security/advisories/GHSA-ffr2-45w9-7wmg", "name": "https://github.com/OISF/libhtp/security/advisories/GHSA-ffr2-45w9-7wmg", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/OISF/libhtp/commit/79e713f3e527593a45f545e854cd9e6fbb3cd3ed", "name": "https://github.com/OISF/libhtp/commit/79e713f3e527593a45f545e854cd9e6fbb3cd3ed", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/OISF/libhtp/commit/bf618ec7f243cebfb0f7e84c3cb158955cb32b4d", "name": "https://github.com/OISF/libhtp/commit/bf618ec7f243cebfb0f7e84c3cb158955cb32b4d", "tags": ["x_refsource_MISC"]}, {"url": "https://redmine.openinfosecfoundation.org/issues/6757", "name": "https://redmine.openinfosecfoundation.org/issues/6757", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. Version 0.5.46 may parse malformed request traffic, leading to excessive CPU usage. Version 0.5.47 contains a patch for the issue. No known workarounds are available."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-770", "description": "CWE-770: Allocation of Resources Without Limits or Throttling"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-04-04T14:46:02.803Z"}}}, "cveMetadata": {"cveId": "CVE-2024-28871", "state": "PUBLISHED", "dateUpdated": "2024-08-26T20:45:59.274Z", "dateReserved": "2024-03-11T22:45:07.688Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-04-04T14:46:02.803Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. Version 0.5.46 may parse malformed request traffic, leading to excessive CPU usage. Version 0.5.47 contains a patch for the issue. No known workarounds are available."}, {"lang": "es", "value": "LibHTP es un analizador consciente de la seguridad para el protocolo HTTP y los bits y piezas relacionados. La versi\u00f3n 0.5.46 puede analizar el tr\u00e1fico de solicitudes con formato incorrecto, lo que provoca un uso excesivo de la CPU. La versi\u00f3n 0.5.47 contiene un parche para el problema. No hay workarounds disponibles."}], "id": "CVE-2024-28871", "lastModified": "2024-04-04T16:33:06.610", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-04-04T15:15:38.647", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/OISF/libhtp/commit/79e713f3e527593a45f545e854cd9e6fbb3cd3ed"}, {"source": "security-advisories@github.com", "url": "https://github.com/OISF/libhtp/commit/bf618ec7f243cebfb0f7e84c3cb158955cb32b4d"}, {"source": "security-advisories@github.com", "url": "https://github.com/OISF/libhtp/security/advisories/GHSA-ffr2-45w9-7wmg"}, {"source": "security-advisories@github.com", "url": "https://redmine.openinfosecfoundation.org/issues/6757"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-770"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}