Lucene search

K

[email protected]NVD:CVE-2024-24568

HistoryFeb 26, 2024 - 4:27 p.m.

CVE-2024-24568

2024-02-2616:27:58

CWE-284

[email protected]

web.nvd.nist.gov

1

suricata

vulnerabilities

http2

inspection

patched

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score

5.8

Confidence

High

EPSS

0

Percentile

15.5%

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.3, the rules inspecting HTTP2 headers can get bypassed by crafted traffic. The vulnerability has been patched in 7.0.3.

References

github.com/OISF/suricata/commit/478a2a38f54e2ae235f8486bff87d7d66b6307f0

github.com/OISF/suricata/security/advisories/GHSA-gv29-5hqw-5h8c

lists.fedoraproject.org/archives/list/[email protected]/message/GOCOBFUTIFHOP2PZOH4ENRFXRBHIRKK4/

lists.fedoraproject.org/archives/list/[email protected]/message/ZXJIT7R53ZXROO3I256RFUWTIW4ECK6P/

redmine.openinfosecfoundation.org/issues/6717

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score

5.8

Confidence

High

EPSS

0

Percentile

15.5%

Related for NVD:CVE-2024-24568

veracode1 osv1 ubuntucve1 debiancve1 cvelist1 prion1 vulnrichment1 cve1 openvas2 nessus3 fedora2 freebsd1