CVE-2024-32663

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, a small amount of HTTP/2 traffic can lead to Suricata using a large amount of memory. The issue has been addressed in Suricata 7.0.5 and 6.0.19. Workarounds include disabling the HTTP/2 parser and reducing `app-layer.protocols.http2.max-table-size` value (default is 65536).

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/OISF/suricata/commit/08d93f7c3762781b743f88f9fdc4389eb9c3eb64
https://github.com/OISF/suricata/commit/c0af92295e833d1db29b184d63cd3b829451d7fd
https://github.com/OISF/suricata/commit/d24b37a103c04bb2667e449e080ba4c8e56bb019
https://github.com/OISF/suricata/commit/e68ec4b227d19498f364a41eb25d3182f0383ca5
https://github.com/OISF/suricata/security/advisories/GHSA-9jxm-qw9v-266r
https://redmine.openinfosecfoundation.org/issues/6892
https://redmine.openinfosecfoundation.org/issues/6900
https://github.com/OISF/suricata/commit/08d93f7c3762781b743f88f9fdc4389eb9c3eb64
https://github.com/OISF/suricata/commit/c0af92295e833d1db29b184d63cd3b829451d7fd
https://github.com/OISF/suricata/commit/d24b37a103c04bb2667e449e080ba4c8e56bb019
https://github.com/OISF/suricata/commit/e68ec4b227d19498f364a41eb25d3182f0383ca5
https://github.com/OISF/suricata/security/advisories/GHSA-9jxm-qw9v-266r
https://redmine.openinfosecfoundation.org/issues/6892
https://redmine.openinfosecfoundation.org/issues/6900

Configurations

No configuration.

History

21 Nov 2024, 09:15

Type	Values Removed	Values Added
Summary		(es) Suricata es un sistema de detección de intrusiones en la red, un sistema de prevención de intrusiones y un motor de monitoreo de seguridad de la red. Antes de 7.0.5 y 6.0.19, una pequeña cantidad de tráfico HTTP/2 puede hacer que Suricata utilice una gran cantidad de memoria. El problema se solucionó en Suricata 7.0.5 y 6.0.19. Los workarounds incluyen deshabilitar el analizador HTTP/2 y reducir el valor `app-layer.protocols.http2.max-table-size` (el valor predeterminado es 65536).
References	~~() https://github.com/OISF/suricata/commit/08d93f7c3762781b743f88f9fdc4389eb9c3eb64 -~~	() https://github.com/OISF/suricata/commit/08d93f7c3762781b743f88f9fdc4389eb9c3eb64 -
References	~~() https://github.com/OISF/suricata/commit/c0af92295e833d1db29b184d63cd3b829451d7fd -~~	() https://github.com/OISF/suricata/commit/c0af92295e833d1db29b184d63cd3b829451d7fd -
References	~~() https://github.com/OISF/suricata/commit/d24b37a103c04bb2667e449e080ba4c8e56bb019 -~~	() https://github.com/OISF/suricata/commit/d24b37a103c04bb2667e449e080ba4c8e56bb019 -
References	~~() https://github.com/OISF/suricata/commit/e68ec4b227d19498f364a41eb25d3182f0383ca5 -~~	() https://github.com/OISF/suricata/commit/e68ec4b227d19498f364a41eb25d3182f0383ca5 -
References	~~() https://github.com/OISF/suricata/security/advisories/GHSA-9jxm-qw9v-266r -~~	() https://github.com/OISF/suricata/security/advisories/GHSA-9jxm-qw9v-266r -
References	~~() https://redmine.openinfosecfoundation.org/issues/6892 -~~	() https://redmine.openinfosecfoundation.org/issues/6892 -
References	~~() https://redmine.openinfosecfoundation.org/issues/6900 -~~	() https://redmine.openinfosecfoundation.org/issues/6900 -

07 May 2024, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-07 15:15

Updated : 2024-11-21 09:15

NVD link : CVE-2024-32663

Mitre link : CVE-2024-32663

CVE.ORG link : CVE-2024-32663

JSON object : View

Products Affected

No product.

CWE

CWE-400

Uncontrolled Resource Consumption

CWE-770

Allocation of Resources Without Limits or Throttling

7.5 /10