Project

General

Profile

Actions

Security #6757

closed

libhtp: quadratic complexity checking after request line missing protocol

Added by Philippe Antoine 8 months ago. Updated 5 months ago.

Status:
Closed
Priority:
Normal
Target version:
Affected Versions:
Label:
Git IDs:
Severity:
CRITICAL
Disclosure Date:
05/08/2024


Subtasks 2 (0 open2 closed)

Security #6758: libhtp: quadratic complexity checking after request line mission protocol (6.0.x backport)ClosedPhilippe AntoineActions
Security #6759: libhtp: quadratic complexity checking after request line mission protocol (7.0.x backport)ClosedPhilippe AntoineActions

Related issues 2 (0 open2 closed)

Related to Suricata - Task #6769: libhtp 0.5.47ClosedVictor JulienActions
Related to Suricata - Feature #6856: http: anomaly when request line is missing protocolClosedPhilippe AntoineActions
Actions #1

Updated by OISF Ticketbot 8 months ago

  • Subtask #6758 added
Actions #2

Updated by OISF Ticketbot 8 months ago

  • Label deleted (Needs backport to 6.0)
Actions #3

Updated by OISF Ticketbot 8 months ago

  • Subtask #6759 added
Actions #4

Updated by OISF Ticketbot 8 months ago

  • Label deleted (Needs backport to 7.0)
Actions #5

Updated by Philippe Antoine 8 months ago

  • Status changed from New to In Review
  • Label Needs backport to 6.0, Needs backport to 7.0 added

Gitlab MR

Actions #6

Updated by OISF Ticketbot 8 months ago

  • Label deleted (Needs backport to 6.0)
Actions #7

Updated by OISF Ticketbot 8 months ago

  • Label deleted (Needs backport to 7.0)
Actions #8

Updated by Philippe Antoine 8 months ago

  • Tracker changed from Bug to Security
  • Severity set to MODERATE
  • Disclosure Date set to 05/08/2024
Actions #9

Updated by Philippe Antoine 8 months ago

Actions #10

Updated by Victor Julien 8 months ago

  • Subject changed from libhtp: quadratic complexity checking after request line mission protocol to libhtp: quadratic complexity checking after request line missing protocol
Actions #11

Updated by Victor Julien 8 months ago

  • Severity changed from MODERATE to CRITICAL
Actions #12

Updated by Philippe Antoine 7 months ago

  • Related to Feature #6856: http: anomaly when request line is missing protocol added
Actions #13

Updated by Victor Julien 7 months ago

  • CVE set to 2024-28871
Actions

Also available in: Atom PDF