#VU113190 Memory leak in libhtp - CVE-2025-53537


Vulnerability identifier: #VU113190

Vulnerability risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-53537

CWE-ID: CWE-401

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
libhtp
Other software / Other software solutions

Vendor: Open Information Security Foundation

Description
The vulnerability allows a remote attacker to perform denial of service (DoS) attack on the target system.

The vulnerability exists due memory leak. A remote attacker can force the application to leak memory and perform denial of service attack.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

libhtp: 0.5.0 - 0.5.51

External links
https://github.com/OISF/libhtp/commit/9037ea35110a0d97be5cedf8d31fb4cd9a38c7a7
https://github.com/OISF/libhtp/security/advisories/GHSA-v3qq-h8mh-vph7

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?


Latest bulletins with this vulnerability


Ubuntu update for libhtp
Fedora 42 update for suricata
Fedora 42 update for suricata
Fedora 41 update for suricata
Fedora EPEL 8 update for suricata
Fedora 41 update for suricata
Fedora EPEL 8 update for suricata
Fedora EPEL 9 update for suricata
Fedora EPEL 9 update for suricata
Denial of service in libhtp