Security #6533: http1: quadratic complexity from infinite folded headers (7.0.x backport) - Suricata - Open Information Security Foundation

Actions

Copy link

Security #6533

closed

Security #6444: http1: quadratic complexity from infinite folded headers

http1: quadratic complexity from infinite folded headers (7.0.x backport)

Added by OISF Ticketbot 12 months ago. Updated 8 months ago.

Status:

Closed

Priority:

Normal

Assignee:

Philippe Antoine

Target version:

7.0.3

Affected Versions:

Label:

CVE:

2024-23837

Git IDs:

20ac301d801cdf01b3f021cca08a22a87f477c4a

Severity:

CRITICAL

Disclosure Date:

Actions

Copy link

Updated by Jason Ish 9 months ago

Severity changed from MODERATE to CRITICAL

Actions

Copy link

Updated by Victor Julien 9 months ago

Status changed from Assigned to Resolved

Actions

Copy link

Updated by Victor Julien 9 months ago

CVE set to 2024-23837

Issue is in libhtp and is fixed in libhtp 0.5.46.

Actions

Copy link

Updated by Philippe Antoine 9 months ago

Status changed from Resolved to Closed
Git IDs updated (diff)

Actions

Copy link

Updated by Victor Julien 8 months ago

Private changed from Yes to No

Actions

Copy link

Updated by Victor Julien 8 months ago

https://github.com/OISF/libhtp/security/advisories/GHSA-f9wf-rrjj-qx8m

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Security #6533

http1: quadratic complexity from infinite folded headers (7.0.x backport)

Updated by Jason Ish 9 months ago

Updated by Victor Julien 9 months ago

Updated by Victor Julien 9 months ago

Updated by Philippe Antoine 9 months ago

Updated by Victor Julien 8 months ago

Updated by Victor Julien 8 months ago