CVE-2024-38535

EPSS 0.83%
Published 11.07.2024 15:15:12
Last modified 21.11.2024 09:26:14
Source security-advisories@github.com
Teams watchlist Login
Open Login

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Suricata can run out of memory when parsing crafted HTTP/2 traffic. Upgrade to 6.0.20 or 7.0.6.

Affected products Warnungen 0 Metrics 3 CWE 1 References 9

Data is provided by the National Vulnerability Database (NVD)

Oisf ≫ Suricata Version < 6.0.20

Oisf ≫ Suricata Version >= 7.0.0 < 7.0.6

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.83%	0.735

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
security-advisories@github.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

https://github.com/OISF/suricata/commit/62d5cac1b8483d5f9d2b79833a4e59f5d80129b7

Patch

https://github.com/OISF/suricata/commit/c82fa5ca0d1ce0bd8f936e0b860707a6571373b2

Patch

https://github.com/OISF/suricata/security/advisories/GHSA-cg8j-7mwm-v563

Vendor Advisory

https://redmine.openinfosecfoundation.org/issues/7104

Permissions Required

https://redmine.openinfosecfoundation.org/issues/7105

Issue Tracking

https://redmine.openinfosecfoundation.org/issues/7112

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2024-38535

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-38535

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-38535

EUVD