USN-7814-1: LibHTP vulnerabilities

USN-7814-1: LibHTP vulnerabilities

Publication date: 9 October 2025
Overview: Several security issues were fixed in LibHTP.

Packages
libhtp - Security-aware parser for the HTTP protocol

Details
It was discovered that LibHTP did not correctly handle certain HTTP
headers. A remote attacker could possibly use this issue to cause a denial
of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS,
Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2024-23837)

It was discovered that LibHTP did not correctly parse certain HTTP
requests. A remote attacker could possibly use this issue to cause a
denial of service. This issue only affected Ubuntu 20.04 LTS,
Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2024-28871)

It was discovered that LibHTP did not correctly parse certain HTTP
requests. A remote attacker could possibly use this issue to cause a
denial of service. (CVE-2024-45797)

It was discovered that LibHTP did not correctly handle certain memory
operations. A remote attacker could possibly use this issue to cause a
denial of service. This issue only affected Ubuntu 20.04 LTS,
Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 25.04. (CVE-2025-53537)

Update instructions
In general, a standard system update will make all the necessary changes.

The problem can be corrected by updating your system to the following package versions:

25.04 plucky :

• libhtp-dev – 1:0.5.49-1ubuntu0.1
• libhtp2 – 1:0.5.49-1ubuntu0.1

24.04 LTS noble

• libhtp-dev – 1:0.5.46-1ubuntu2+esm1
• libhtp2 – 1:0.5.46-1ubuntu2+esm1

22.04 LTS jammy

• libhtp-dev – 1:0.5.39-1ubuntu0.1~esm1
• libhtp2 – 1:0.5.39-1ubuntu0.1~esm1

20.04 LTS focal

• libhtp-dev – 1:0.5.32-1ubuntu0.1~esm1
• libhtp2 – 1:0.5.32-1ubuntu0.1~esm1

18.04 LTS bionic

• libhtp-dev – 1:0.5.26-1ubuntu0.1~esm1
• libhtp2 – 1:0.5.26-1ubuntu0.1~esm1

16.04 LTS xenial

• libhtp-dev – 0.5.15-1ubuntu0.1~esm1
• libhtp1 – 0.5.15-1ubuntu0.1~esm1