Lucene search

K

Veracode Vulnerability DatabaseVERACODE:45658

HistoryFeb 27, 2024 - 3:52 p.m.

Heap Use-after-free

2024-02-2715:52:17

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

9

suricata

vulnerability

network traffic

handling

ruleset

http

attacker

memory space

CVSS3

7.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

AI Score

7

Confidence

Low

EPSS

0

Percentile

15.5%

Suricata is vulnerable to a Heap Use-after-free. The vulnerability is due to inadequate handling network traffic, particularly when the ruleset utilizes the http.request_header or http.response_header keyword, allows an attacker to still access and potentially manipulate or exploit that freed memory space.

References

github.com/OISF/suricata/commit/cd731fcaf42e5f7078c9be643bfa0cee2ad53e8f

github.com/OISF/suricata/security/advisories/GHSA-qxj6-hr2p-mmc7

lists.fedoraproject.org/archives/list/[email protected]/message/GOCOBFUTIFHOP2PZOH4ENRFXRBHIRKK4/

lists.fedoraproject.org/archives/list/[email protected]/message/ZXJIT7R53ZXROO3I256RFUWTIW4ECK6P/

redmine.openinfosecfoundation.org/issues/6657

security-tracker.debian.org/tracker/CVE-2024-23839

CVSS3

7.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

AI Score

7

Confidence

Low

EPSS

0

Percentile

15.5%

Related for VERACODE:45658

prion1 vulnrichment1 nvd1 osv1 debiancve1 ubuntucve1 cvelist1 cve1 nessus3 openvas2 fedora2 freebsd1