CVE-2024-47522

Published: Oct 16, 2024Modified: Sep 25, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, invalid ALPN in TLS/QUIC traffic when JA4 matching/logging is enabled can lead to Suricata aborting with a panic. This issue has been addressed in 7.0.7. One may disable ja4 as a workaround.

Affected (1)

Products: Oisf: Suricata

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Oisf Suricata	Before 7.0.7

Related CWEs

Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

References (4)

https://github.com/OISF/suricata/security/advisories/GHSA-w5xv-6586-jpm7

Source: security-advisories@github.com

MitigationThird Party Advisory

https://redmine.openinfosecfoundation.org/issues/7267

Source: security-advisories@github.com

Issue TrackingVendor Advisory

https://www.vicarius.io/vsociety/posts/cve-2024-47522-detect-suricata-vulnerability

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.vicarius.io/vsociety/posts/cve-2024-47522-mitigate-suricata-vulnerability

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.