Project

General

Profile

Actions
Copy link

Security #6533

closed
OT PA

Security #6444: http1: quadratic complexity from infinite folded headers

http1: quadratic complexity from infinite folded headers (7.0.x backport)

Security #6533: http1: quadratic complexity from infinite folded headers (7.0.x backport)

Added by OISF Ticketbot over 2 years ago. Updated about 2 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Philippe Antoine
Target version:
7.0.3
Affected Versions:
Label:
CVE:
2024-23837
Git IDs:

20ac301d801cdf01b3f021cca08a22a87f477c4a

Severity:
CRITICAL
Disclosure Date:

JI Updated by Jason Ish about 2 years ago Actions
Copy link
 #1

  • Severity changed from MODERATE to CRITICAL

VJ Updated by Victor Julien about 2 years ago Actions
Copy link
 #2

  • Status changed from Assigned to Resolved

VJ Updated by Victor Julien about 2 years ago Actions
Copy link
 #3

  • CVE set to 2024-23837

Issue is in libhtp and is fixed in libhtp 0.5.46.

PA Updated by Philippe Antoine about 2 years ago Actions
Copy link
 #4

  • Status changed from Resolved to Closed
  • Git IDs updated (diff)

VJ Updated by Victor Julien about 2 years ago Actions
Copy link
 #5

  • Private changed from Yes to No
Actions
Copy link

Also available in: PDF Atom