Security #7766

closed
libhtp-c: memory leak with lzma

Added by Philippe Antoine 10 months ago. Updated 9 months ago.

Status: Closed
Priority: Normal
Target version:
Affected Versions:
Label:
Git IDs: 9037ea35110a0d97be5cedf8d31fb4cd9a38c7a7
Severity: HIGH
Disclosure Date: 09/15/2025

Description

Found by oss-fuzz
https://issues.oss-fuzz.com/u/1/issues/425041683?pli=1

Only in 7

I would go for critical (leaking 256 kilobytes at a time)

Updated by Philippe Antoine 10 months ago #1

  • Status changed from New to In Review

Gitlab MR

Updated by Victor Julien 10 months ago #2

Would the client have to request using lzma or can the server just decide to use it?

Updated by Philippe Antoine 10 months ago #3

Victor Julien wrote in #note-2:

Would the client have to request using lzma or can the server just decide to use it?

Oh I checked and apparently, the client can also use lzma and thus trigger the bug... (even if I did not think so)

Updated by Jason Ish 10 months ago #4

  • Severity changed from MODERATE to HIGH

Updated by Shivani Bhardwaj 10 months ago #5

  • Status changed from In Review to Resolved

Updated by Philippe Antoine 9 months ago #7

  • Status changed from Resolved to Closed

Commit 9037ea35110a0d97be5cedf8d31fb4cd9a38c7a7 in libhtp

Updated by Jason Ish 9 months ago #8

  • Private changed from Yes to No
  • Git IDs updated (diff)