CVE-2024-23837: 
Linux Debian vulnerability analysis and mitigation

CVE-2024-23837 affects LibHTP, a security-aware parser for the HTTP protocol, discovered in early 2024. The vulnerability allows crafted traffic to cause excessive processing time of HTTP headers, leading to denial of service. The issue affects versions up to 0.5.45 and has been addressed in version 0.5.46 (GitHub Advisory, NVD).

The vulnerability stems from unbounded folded header handling that can lead to quadratic complexity in processing HTTP headers. The issue is classified with CWE-770 (Allocation of Resources Without Limits or Throttling). It has received a CVSS v3.1 base score of 7.5 (High), with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, indicating network accessibility, low attack complexity, no privileges required, and high impact on availability (GitHub Advisory, NVD).

When exploited, this vulnerability can cause denial of service through excessive processing time of HTTP headers. The impact is particularly severe as it affects the availability of systems using LibHTP for HTTP protocol parsing, with no impact on confidentiality or integrity (GitHub Advisory).

The vulnerability has been patched in LibHTP version 0.5.46. The fix implements a limit on the size of folded headers to prevent the quadratic complexity issue. Users are advised to upgrade to version 0.5.46 or later to address this security concern (GitHub Commit, GitHub Advisory).