Lucene search

Veracode Vulnerability DatabaseVERACODE:45657

HistoryFeb 27, 2024 - 3:51 p.m.

Allocation Of Resources Without Limits

2024-02-2715:51:53

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

suricata

vulnerability

memory allocation

pgsql parsing

out-of-memory

oom-related

crashes

software

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.5

Confidence

Low

EPSS

Percentile

10.3%

JSON

Suricata is vulnerable to Allocation of Resources Without Limits. The vulnerability is due to excessive memory use during pgsql parsing in Suricata versions prior to 7.0.3, leading to Out-of-Memory (OOM)-related crashes.

References

github.com/OISF/suricata/commit/86de7cffa7e8f06fe9d600127e7dabe89c7e81dd

github.com/OISF/suricata/commit/f52c033e566beafb4480c139eb18662a2870464f

github.com/OISF/suricata/security/advisories/GHSA-8583-353f-mvwc

lists.fedoraproject.org/archives/list/[email protected]/message/GOCOBFUTIFHOP2PZOH4ENRFXRBHIRKK4/

lists.fedoraproject.org/archives/list/[email protected]/message/ZXJIT7R53ZXROO3I256RFUWTIW4ECK6P/

redmine.openinfosecfoundation.org/issues/6411

security-tracker.debian.org/tracker/CVE-2024-23835

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.5

Confidence

Low

EPSS

Percentile

10.3%

JSON

Related for VERACODE:45657