CVE-2019-17420

MEDIUM

OISF LibHTP <0.5.31 - Info Disclosure

Title source: llm

Description

In OISF LibHTP before 0.5.31, as used in Suricata 4.1.4 and other products, an HTTP protocol parsing error causes the http_header signature to not alert on a response with a single \r\n ending.

References (3)

[Issue Tracking, Vendor Advisory] https://redmine.openinfosecfoundation.org/issues/2969

[Patch] https://github.com/OISF/libhtp/compare/0.5.30...0.5.31

[Patch, Third Party Advisory] https://github.com/OISF/libhtp/pull/213

Scores

CVSS v3 5.3

EPSS 0.0024

EPSS Percentile 47.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Details

CWE

CWE-459

Status published

Products (2)

oisf/libhtp < 0.5.31

suricata-ids/suricata 4.1.4

Published Oct 10, 2019

Tracked Since Feb 18, 2026