CVE-2024-38535

Published: Jul 11, 2024Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Suricata can run out of memory when parsing crafted HTTP/2 traffic. Upgrade to 6.0.20 or 7.0.6.

Affected (2)

Products: Oisf: Suricata

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Oisf Suricata	Before 6.0.20
Oisf Suricata	From 7.0.0 to 7.0.6

Related CWEs

Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

References (12)

https://github.com/OISF/suricata/commit/62d5cac1b8483d5f9d2b79833a4e59f5d80129b7

Source: security-advisories@github.com

Patch

https://github.com/OISF/suricata/commit/c82fa5ca0d1ce0bd8f936e0b860707a6571373b2

Source: security-advisories@github.com

Patch

https://github.com/OISF/suricata/security/advisories/GHSA-cg8j-7mwm-v563

Source: security-advisories@github.com

Vendor Advisory

https://redmine.openinfosecfoundation.org/issues/7104

Source: security-advisories@github.com

Permissions Required

https://redmine.openinfosecfoundation.org/issues/7105

Source: security-advisories@github.com

Issue Tracking

https://redmine.openinfosecfoundation.org/issues/7112

Source: security-advisories@github.com

Issue Tracking

https://github.com/OISF/suricata/commit/62d5cac1b8483d5f9d2b79833a4e59f5d80129b7

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://github.com/OISF/suricata/commit/c82fa5ca0d1ce0bd8f936e0b860707a6571373b2

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://github.com/OISF/suricata/security/advisories/GHSA-cg8j-7mwm-v563

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://redmine.openinfosecfoundation.org/issues/7104

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions Required

https://redmine.openinfosecfoundation.org/issues/7105

Source: af854a3a-2127-422b-91ae-364da2661108

Issue Tracking

https://redmine.openinfosecfoundation.org/issues/7112

Source: af854a3a-2127-422b-91ae-364da2661108

Issue Tracking

Timeline

No history available yet.