CVE-2024-28871

{"id": "CVE-2024-28871", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-04-04T15:15:38.647", "references": [{"url": "https://github.com/OISF/libhtp/commit/79e713f3e527593a45f545e854cd9e6fbb3cd3ed", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/OISF/libhtp/commit/bf618ec7f243cebfb0f7e84c3cb158955cb32b4d", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/OISF/libhtp/security/advisories/GHSA-ffr2-45w9-7wmg", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}, {"url": "https://redmine.openinfosecfoundation.org/issues/6757", "tags": ["Issue Tracking"], "source": "security-advisories@github.com"}, {"url": "https://github.com/OISF/libhtp/commit/79e713f3e527593a45f545e854cd9e6fbb3cd3ed", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/OISF/libhtp/commit/bf618ec7f243cebfb0f7e84c3cb158955cb32b4d", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/OISF/libhtp/security/advisories/GHSA-ffr2-45w9-7wmg", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://redmine.openinfosecfoundation.org/issues/6757", "tags": ["Issue Tracking"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-770"}]}], "descriptions": [{"lang": "en", "value": "LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. Version 0.5.46 may parse malformed request traffic, leading to excessive CPU usage. Version 0.5.47 contains a patch for the issue. No known workarounds are available."}, {"lang": "es", "value": "LibHTP es un analizador consciente de la seguridad para el protocolo HTTP y los bits y piezas relacionados. La versi\u00f3n 0.5.46 puede analizar el tr\u00e1fico de solicitudes con formato incorrecto, lo que provoca un uso excesivo de la CPU. La versi\u00f3n 0.5.47 contiene un parche para el problema. No hay workarounds disponibles."}], "lastModified": "2025-06-30T14:54:40.080", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oisf:libhtp:0.5.46:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "23444241-F9FB-411D-965A-76586A07A815"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}