Package libhtp updated to version 0.5.36-alt1 for branch c9f2 in task 273327.

Published: 2017-08-28
Modified: 2024-11-21

CVE-2015-0928

libhtp 0.5.15 allows remote attackers to cause a denial of service (NULL pointer dereference).

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Published: 2019-04-04
Modified: 2024-11-21

CVE-2018-10243

htp_parse_authorization_digest in htp_parsers.c in LibHTP 0.5.26 allows remote attackers to cause a heap-based buffer over-read via an authorization digest header.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2019-10-10
Modified: 2024-11-21

CVE-2019-17420

In OISF LibHTP before 0.5.31, as used in Suricata 4.1.4 and other products, an HTTP protocol parsing error causes the http_header signature to not alert on a response with a single \r\n ending.

Severity: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References:

Version: 2.1.0

Package libhtp update in c9f2 on 2021-06-24

ALT-PU-2021-2055-2

Closed vulnerabilities

CVE-2015-0928

CVE-2018-10243

CVE-2019-17420