CVE-2024-38535

2024-07-1115:15:12

Debian Security Bug Tracker

security-tracker.debian.org

cve-2024-38535

suricata

network security

memory exhaustion

http/2

upgrade

unix

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

Confidence

Low

EPSS

0.001

Percentile

38.1%

JSON

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Suricata can run out of memory when parsing crafted HTTP/2 traffic. Upgrade to 6.0.20 or 7.0.6.

OSVersionArchitecturePackageVersionFilename
Debian12allsuricata<= 1:6.0.10-1suricata_1:6.0.10-1_all.deb
Debian11allsuricata<= 1:6.0.1-3suricata_1:6.0.1-3_all.deb
Debian999allsuricata< 1:7.0.6-1suricata_1:7.0.6-1_all.deb
Debian13allsuricata< 1:7.0.6-1suricata_1:7.0.6-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	suricata	<= 1:6.0.10-1	suricata_1:6.0.10-1_all.deb
Debian	11	all	suricata	<= 1:6.0.1-3	suricata_1:6.0.1-3_all.deb
Debian	999	all	suricata	< 1:7.0.6-1	suricata_1:7.0.6-1_all.deb
Debian	13	all	suricata	< 1:7.0.6-1	suricata_1:7.0.6-1_all.deb