
Cloud Vulnerability DB
A community-led vulnerabilities database
LibHTP, a security-aware parser for the HTTP protocol, contains a vulnerability (CVE-2024-45797) in versions prior to 0.5.49. The vulnerability was discovered and disclosed in October 2024 and affects systems that use LibHTP for HTTP protocol parsing, including Suricata and Oracle Solaris implementations (NVD, GitHub Advisory).
The vulnerability stems from unbounded processing of HTTP request and response headers, which can lead to quadratic complexity when headers are processed and looked up. The issue has been assigned a CVSS v3.1 base score of 7.5 (High) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The vulnerability is classified under CWE-770 (Allocation of Resources Without Limits or Throttling) (GitHub Advisory, NVD).
The vulnerability can result in excessive CPU time and memory utilization, potentially leading to extreme system slowdowns. This primarily affects the availability of systems running the vulnerable LibHTP versions, as the unbounded processing of headers can be exploited to create denial of service conditions (GitHub Advisory).
The vulnerability has been patched in LibHTP version 0.5.49. Users are advised to upgrade to this version or later. The fix implements limits on the number of headers that can be processed, preventing the unbounded processing issue (GitHub Advisory).
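The effect of such a limit can be seen in a small model. The following is an added example, not LibHTP source code: it assumes a flat header table with a linear duplicate-name check on every insert, and the names `hdr_table`, `hdr_add`, `simulate` and the `limit` field are hypothetical. It counts name comparisons with and without a cap on the number of header lines.

```c
#include <stdio.h>
#include <string.h>
/* Simplified model, NOT LibHTP source: headers sit in a flat array and every
 * new header is first compared against all stored names (duplicate check). */
#define MAX_STORE 4096

typedef struct {
    const char *names[MAX_STORE];
    size_t count;           /* distinct names stored */
    size_t seen;            /* header lines processed so far */
    size_t limit;           /* hypothetical cap on header lines; 0 = no cap */
    unsigned long compares; /* work counter: name comparisons performed */
} hdr_table;

/* Returns 0 if the header was stored or merged, -1 if it was rejected. */
int hdr_add(hdr_table *t, const char *name) {
    if (t->limit && t->seen >= t->limit)
        return -1;                   /* over the cap: refuse before any lookup */
    t->seen++;
    for (size_t i = 0; i < t->count; i++) {
        t->compares++;
        if (strcmp(t->names[i], name) == 0)
            return 0;                /* same name: merged with existing entry */
    }
    if (t->count >= MAX_STORE)
        return -1;
    t->names[t->count++] = name;
    return 0;
}

/* Feed n distinct constructed names ("x0", "x1", ...) and return the number of
 * comparisons; stops at the first rejection, as a parser raising an error would. */
unsigned long simulate(size_t n, size_t limit) {
    static char names[MAX_STORE][8];
    hdr_table t = { .limit = limit };
    for (size_t i = 0; i < n && i < MAX_STORE; i++) {
        snprintf(names[i], sizeof names[i], "x%zu", i);
        if (hdr_add(&t, names[i]) != 0)
            break;
    }
    return t.compares;
}

int main(void) {
    printf("1000 headers, no cap:  %lu\n", simulate(1000, 0));
    printf("2000 headers, no cap:  %lu\n", simulate(2000, 0));
    printf("2000 headers, cap 100: %lu\n", simulate(2000, 100));
    return 0;
}
```

Doubling the header count without a cap roughly quadruples the comparison count, while the capped run stays bounded by the limit regardless of how many headers arrive.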
The vulnerability has been acknowledged and addressed by multiple vendors, including Oracle, which included fixes for this vulnerability in its January 2025 Third Party Bulletin for Oracle Solaris (Oracle Bulletin).
Source: This report was generated using AI