ubuntucve | Ubuntu.com | UB:CVE-2024-23835
Feb 26, 2024 - 12:00 a.m.

CVE-2024-23835

Tags: suricata, network security, vulnerability, memory use, patch, pgsql, parser, unix

CVSS3: 7.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS: 0
Percentile: 10.3%

Suricata is a network Intrusion Detection System, Intrusion Prevention
System and Network Security Monitoring engine. Prior to version 7.0.3,
excessive memory use during pgsql parsing could lead to out-of-memory
(OOM) crashes. This vulnerability is patched in 7.0.3. As a workaround,
users can disable the pgsql app layer parser.
