CVE-2024-38535

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Suricata can run out of memory when parsing crafted HTTP/2 traffic. Upgrade to 6.0.20 or 7.0.6.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*
cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*

History

12 Jul 2024, 18:46

Type Values Removed Values Added
First Time Oisf suricata
Oisf
CPE cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*
Summary
  • (es) Suricata es un sistema de detección de intrusiones en la red, un sistema de prevención de intrusiones y un motor de monitoreo de seguridad de la red. Suricata puede quedarse sin memoria al analizar el tráfico HTTP/2 manipulado. Actualice a 6.0.20 o 7.0.6.
References () https://github.com/OISF/suricata/commit/62d5cac1b8483d5f9d2b79833a4e59f5d80129b7 - () https://github.com/OISF/suricata/commit/62d5cac1b8483d5f9d2b79833a4e59f5d80129b7 - Patch
References () https://github.com/OISF/suricata/commit/c82fa5ca0d1ce0bd8f936e0b860707a6571373b2 - () https://github.com/OISF/suricata/commit/c82fa5ca0d1ce0bd8f936e0b860707a6571373b2 - Patch
References () https://github.com/OISF/suricata/security/advisories/GHSA-cg8j-7mwm-v563 - () https://github.com/OISF/suricata/security/advisories/GHSA-cg8j-7mwm-v563 - Vendor Advisory
References () https://redmine.openinfosecfoundation.org/issues/7104 - () https://redmine.openinfosecfoundation.org/issues/7104 - Permissions Required
References () https://redmine.openinfosecfoundation.org/issues/7105 - () https://redmine.openinfosecfoundation.org/issues/7105 - Issue Tracking
References () https://redmine.openinfosecfoundation.org/issues/7112 - () https://redmine.openinfosecfoundation.org/issues/7112 - Issue Tracking

11 Jul 2024, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-07-11 15:15

Updated : 2024-07-12 18:46


NVD link : CVE-2024-38535

Mitre link : CVE-2024-38535

CVE.ORG link : CVE-2024-38535


JSON object : View

Products Affected

oisf

  • suricata
CWE
CWE-770

Allocation of Resources Without Limits or Throttling