Home / mailingsPDF  

[USN-7814-1] LibHTP vulnerabilities

Posted on 10 October 2025
Ubuntu Security

==========================================================================Ubuntu Security Notice USN-7814-1
October 09, 2025

libhtp vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in LibHTP.

Software Description:
- libhtp: Security-aware parser for the HTTP protocol

Details:

It was discovered that LibHTP did not correctly handle certain HTTP
headers. A remote attacker could possibly use this issue to cause a denial
of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS,
Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2024-23837)

It was discovered that LibHTP did not correctly parse certain HTTP
requests. A remote attacker could possibly use this issue to cause a
denial of service. This issue only affected Ubuntu 20.04 LTS,
Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2024-28871)

It was discovered that LibHTP did not correctly parse certain HTTP
requests. A remote attacker could possibly use this issue to cause a
denial of service. (CVE-2024-45797)

It was discovered that LibHTP did not correctly handle certain memory
operations. A remote attacker could possibly use this issue to cause a
denial of service. This issue only affected Ubuntu 20.04 LTS,
Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 25.04. (CVE-2025-53537)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.04
libhtp-dev 1:0.5.49-1ubuntu0.1
libhtp2 1:0.5.49-1ubuntu0.1

Ubuntu 24.04 LTS
libhtp-dev 1:0.5.46-1ubuntu2+esm1
Available with Ubuntu Pro
libhtp2 1:0.5.46-1ubuntu2+esm1
Available with Ubuntu Pro

Ubuntu 22.04 LTS
libhtp-dev 1:0.5.39-1ubuntu0.1~esm1
Available with Ubuntu Pro
libhtp2 1:0.5.39-1ubuntu0.1~esm1
Available with Ubuntu Pro

Ubuntu 20.04 LTS
libhtp-dev 1:0.5.32-1ubuntu0.1~esm1
Available with Ubuntu Pro
libhtp2 1:0.5.32-1ubuntu0.1~esm1
Available with Ubuntu Pro

Ubuntu 18.04 LTS
libhtp-dev 1:0.5.26-1ubuntu0.1~esm1
Available with Ubuntu Pro
libhtp2 1:0.5.26-1ubuntu0.1~esm1
Available with Ubuntu Pro

Ubuntu 16.04 LTS
libhtp-dev 0.5.15-1ubuntu0.1~esm1
Available with Ubuntu Pro
libhtp1 0.5.15-1ubuntu0.1~esm1
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7814-1
CVE-2024-23837, CVE-2024-28871, CVE-2024-45797, CVE-2025-53537

Package Information:
https://launchpad.net/ubuntu/+source/libhtp/1:0.5.49-1ubuntu0.1

--===============1220543182792722087==Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature

 

TOP

Mailings :

Exploits :