Lucene search

K

Ubuntu.comUB:CVE-2024-24568

HistoryFeb 26, 2024 - 12:00 a.m.

CVE-2024-24568

2024-02-2600:00:00

ubuntu.com

ubuntu.com

4

suricata

network security

http2

vulnerability

patch

version 7.0.3

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score

5.5

Confidence

High

EPSS

0

Percentile

15.5%

Suricata is a network Intrusion Detection System, Intrusion Prevention
System and Network Security Monitoring engine. Prior to 7.0.3, the rules
inspecting HTTP2 headers can get bypassed by crafted traffic. The
vulnerability has been patched in 7.0.3.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchsuricata< anyUNKNOWN
ubuntu22.04noarchsuricata< anyUNKNOWN
ubuntu24.04noarchsuricata< anyUNKNOWN
ubuntu16.04noarchsuricata< anyUNKNOWN

References

github.com/OISF/suricata/commit/478a2a38f54e2ae235f8486bff87d7d66b6307f0

github.com/OISF/suricata/security/advisories/GHSA-gv29-5hqw-5h8c

launchpad.net/bugs/cve/CVE-2024-24568

nvd.nist.gov/vuln/detail/CVE-2024-24568

redmine.openinfosecfoundation.org/issues/6717

security-tracker.debian.org/tracker/CVE-2024-24568

www.cve.org/CVERecord?id=CVE-2024-24568

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score

5.5

Confidence

High

EPSS

0

Percentile

15.5%

Related for UB:CVE-2024-24568

veracode1 osv1 nvd1 debiancve1 cvelist1 prion1 vulnrichment1 cve1 openvas2 nessus3 fedora2 freebsd1