ALT Linux Team

Package libhtp update in c10f2 on 2025-08-12

ALT-PU-2025-10159-3

Package libhtp updated to version 0.5.51-alt1 for branch c10f2 in task 391883.

Closed vulnerabilities

Published: 2025-11-26
Modified: 2025-11-28

BDU:2025-14722

Уязвимость библиотеки синтаксического анализа протокола HTTP LibHTP, связанная с утечкой памяти, позволяющая нарушителю оказать воздействие на доступность защищаемой информации

Severity: HIGH (7.5)Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: HIGH (7.8)Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
References:
Published: 2025-07-23
Modified: 2025-08-05

CVE-2025-53537

LibHTP is a security-aware parser for the HTTP protocol and its related bits and pieces. In versions 0.5.50 and below, there is a traffic-induced memory leak that can starve the process of memory, leading to loss of visibility. To workaround this issue, set `suricata.yaml app-layer.protocols.http.libhtp.default-config.lzma-enabled` to false. This issue is fixed in version 0.5.51.

Severity: HIGH (7.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: 2.1.2
Back to top