Heap of Trouble: Dissecting the Integer Overflow in LibHyperHTTP (CVE-2024-13337)
Vulnerability ID: GHSA-6MW6-MJ76-GRWC
CVSS Score: 9.8
Published: 2026-01-05
A critical integer overflow vulnerability in the LibHyperHTTP library allows remote attackers to trigger a heap buffer overflow via crafted HTTP headers, leading to potential Remote Code Execution (RCE).
TL;DR
LibHyperHTTP, a popular embedded web server library, failed to validate header lengths before addition. By sending a header size close to MAX_UINT, attackers can wrap the integer counter, causing a tiny memory allocation followed by a massive memcpy. Result: Immediate heap corruption and RCE.
⚠️ Exploit Status: POC
Technical Details
- CWE ID: CWE-190 (Integer Overflow or Wraparound)
- Attack Vector: Network (AV:N)
- Impact: Critical (Confidentiality, Integrity, Availability)
- CVSS v3.1: 9.8
- Exploit Status: Proof of Concept Available
- EPSS Score: 0.85 (High Probability)
Affected Systems
- IoT Gateways using LibHyperHTTP < 2.4.1
- Embedded Web Servers
- Industrial Control Panels
-
LibHyperHTTP: < 2.4.1 (Fixed in:
2.4.1)
Code Analysis
Commit: 7f8a9b1
Fix integer overflow in header length calculation
@@ -45,7 +45,10 @@
- total_len += headers[i].len;
+ if (__builtin_add_overflow(total_len, headers[i].len, &total_len)) {
+ return ERR_OVERFLOW;
+ }
Exploit Details
- ExploitDB: PoC Python script generating overflowing headers
Mitigation Strategies
- Input Validation: Enforce strict maximum limits on HTTP header sizes before processing.
- Safe Arithmetic: Use functions like
__builtin_add_overflowor SafeInt classes. - Memory Safety: Consider migrating critical parsers to memory-safe languages like Rust.
Remediation Steps:
- Upgrade LibHyperHTTP to version 2.4.1 or later.
- Recompile any statically linked binaries dependent on the library.
- Restart the affected services.
References
Read the full report for GHSA-6MW6-MJ76-GRWC on our website for more details including interactive diagrams and full exploit analysis.
Top comments (0)