PT-2025-29086 · Open Information Security Foundation +1 · Suricata +1

Name of the Vulnerable Software and Affected Versions: Suricata versions 7.0.10 and below Suricata versions 8.0.0-beta1 through 8.0.0-rc1 Description: Suricata, a network IDS, IPS, and NSM engine, is affected by an issue where mishandling of data on HTTP2 stream 0 can lead to uncontrolled memory...

CVE-2024-32663 Suricata 's http2 parser contains an improper compressed header handling can lead to resource starvation

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, a small amount of HTTP/2 traffic can lead to Suricata using a large amount of memory. The issue has been addressed in Suricata 7.0.5 and 6.0.19...