CVE-2024-45797 is a vulnerability classified under CWE-770 (Allocation of Resources Without Limits or Throttling) affecting libhtp, a widely used HTTP protocol parser developed by the Open Information Security Foundation (OISF). Libhtp is integral to parsing HTTP requests and responses in various security products, including intrusion detection and prevention systems like Suricata. Prior to version 0.5.49, libhtp does not impose limits on the processing of HTTP headers, which can be crafted maliciously to cause excessive CPU and memory consumption. This unbounded resource allocation can lead to extreme slowdowns or denial of service (DoS) conditions, impacting the availability of systems relying on libhtp for HTTP traffic inspection. The vulnerability can be exploited remotely without authentication or user interaction, as it involves sending specially crafted HTTP headers to the affected system. The CVSS v3.1 score of 7.5 (high) reflects the network attack vector, low attack complexity, no privileges required, no user interaction, and a high impact on availability, while confidentiality and integrity remain unaffected. Although no known exploits are reported in the wild, the potential for DoS attacks is significant, especially in environments processing large volumes of HTTP traffic. The issue is resolved in libhtp version 0.5.49, which introduces proper limits and throttling mechanisms to prevent resource exhaustion. Organizations using libhtp versions prior to 0.5.49 in their security infrastructure should prioritize upgrading to mitigate this risk.

For European organizations, the primary impact of CVE-2024-45797 is a potential denial of service through resource exhaustion on security appliances or network devices that utilize libhtp for HTTP traffic parsing. This can degrade or disrupt critical security monitoring and protection capabilities, increasing the risk of undetected attacks or network outages. Industries with high reliance on real-time traffic inspection, such as finance, telecommunications, energy, and government sectors, may experience operational disruptions. The vulnerability could also be leveraged as part of a broader attack to distract or disable security defenses. Given the network-based attack vector and lack of authentication requirements, attackers can remotely trigger the vulnerability, potentially from anywhere. This risk is heightened in environments with high HTTP traffic volumes or exposure to untrusted networks. The absence of known exploits in the wild reduces immediate urgency but does not eliminate the threat, especially as attackers often develop exploits for high-impact vulnerabilities. Failure to address this vulnerability could lead to service degradation, increased incident response costs, and reputational damage for affected organizations.

To mitigate CVE-2024-45797, organizations should immediately upgrade libhtp to version 0.5.49 or later, where the vulnerability is fixed by implementing resource allocation limits and throttling. Network security teams should audit their security appliances and software dependencies to identify usage of vulnerable libhtp versions. Deploying network-level rate limiting and anomaly detection can help identify and block suspicious HTTP header patterns that may trigger excessive resource consumption. Additionally, organizations should monitor CPU and memory usage on devices performing HTTP parsing to detect early signs of exploitation attempts. Implementing segmentation and limiting exposure of critical security infrastructure to untrusted networks reduces attack surface. Regular vulnerability scanning and patch management processes must include libhtp and related components. Finally, maintaining up-to-date threat intelligence feeds can provide early warnings if exploits emerge in the wild.