Several security issues were fixed in LibHTP.
Software Description:
- libhtp: Security-aware parser for the HTTP protocol
Details:
It was discovered that LibHTP did not correctly handle certain HTTP
headers. A remote attacker could possibly use this issue to cause a denial
of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS,
Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2024-23837)
It was discovered that LibHTP did not correctly parse certain HTTP
requests. A remote attacker could possibly use this issue to cause a
denial of service. This issue only affected Ubuntu 20.04 LTS,
Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2024-28871)
It was discovered that LibHTP did not correctly parse certain HTTP
requests. A remote attacker could possibly use this issue to cause a
denial of service. (CVE-2024-45797)
It was discovered that LibHTP did not correctly handle certain memory
operations. A remote attacker could possibly use this issue to cause a
denial of service. T...
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.04
libhtp-dev 1:0.5.49-1ubuntu0.1
libhtp2 1:0.5.49-1ubuntu0.1
Ubuntu 24.04 LTS
libhtp-dev 1:0.5.46-1ubuntu2+esm1
Available with Ubuntu Pro
libhtp2 1:0.5.46-1ubuntu2+esm1
Available with Ubuntu Pro
Ubuntu 22.04 LTS
libhtp-dev 1:0.5.39-1ubuntu0.1~esm1
Available with Ubuntu Pro
libhtp2 1:0.5.39-1ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 20.04 LTS
libhtp-dev 1:0.5.32-1ubuntu0.1~esm1
Available with Ubuntu Pro
libhtp2 1:0.5.32-1ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 18.04 LTS
libhtp-dev 1:0.5.26-1ubuntu0.1~esm1
Available with Ubuntu Pro
libhtp2 1:0.5.26-1ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 16.04 LTS
libhtp-dev 0.5.15-1ubuntu0.1~esm1
Available with Ubuntu Pro
libhtp1 0.5.15-1ubuntu0.1~esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.https://ubuntu.com/security/notices/USN-7814-1
CVE-2024-23837, CVE-2024-28871, CVE-2024-45797, CVE-2025-53537
Get the latest Linux and open source security news straight to your inbox.