CVE-2024-23836

2024-02-2616:27:57

CWE-770

[email protected]

web.nvd.nist.gov

suricata

network security

denial of service

cve-2024-23836

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.1 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

16.9%

JSON

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to versions 6.0.16 and 7.0.3, an attacker can craft traffic to cause Suricata to use far more CPU and memory for processing the traffic than needed, which can lead to extreme slow downs and denial of service. This vulnerability is patched in 6.0.16 or 7.0.3. Workarounds include disabling the affected protocol app-layer parser in the yaml and reducing the stream.reassembly.depth value helps reduce the severity of the issue.

Affected configurations

Vulners

Node

oisfsuricataRange<6.0.16

oisfsuricataRange7.0.0–7.0.3

VendorProductVersionCPE
oisfsuricata*cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*
oisfsuricata*cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
oisf	suricata	*	cpe:2.3:a:oisf:suricata::::::::
oisf	suricata	*	cpe:2.3:a:oisf:suricata::::::::

CNA Affected

[
  {
    "vendor": "OISF",
    "product": "suricata",
    "versions": [
      {
        "version": "< 6.0.16",
        "status": "affected"
      },
      {
        "version": ">= 7.0.0, < 7.0.3",
        "status": "affected"
      }
    ]
  }
]