SB2024032640 - Multiple vulnerabilities in Suricata
Published: March 26, 2024
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 4 vulnerabilities.
1) Input validation error (CVE-ID: CVE-2024-24568)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient validation of user-supplied input when handling HTTP2 headers. A remote attacker can use specially crafted HTTP/2 requests to bypass existing ruleset.
2) Use-after-free (CVE-ID: CVE-2024-23839)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error when handling HTTP traffic. A remote attacker can send specially crafted data to the system and perform a denial of service (DoS) attack.
Successful exploitation of the vulnerability requires that http.request_header or http.response_header keywords are used if the ruleset.
3) Resource exhaustion (CVE-ID: CVE-2024-23836)
CWE-ID: CWE-400 - Resource exhaustion
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
4) Resource exhaustion (CVE-ID: CVE-2024-23835)
CWE-ID: CWE-400 - Resource exhaustion
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources during pgsql parsing. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://github.com/OISF/suricata/security/advisories/GHSA-gv29-5hqw-5h8c
- https://github.com/OISF/suricata/commit/478a2a38f54e2ae235f8486bff87d7d66b6307f0
- https://redmine.openinfosecfoundation.org/issues/6717
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GOCOBFUTIFHOP2PZOH4ENRFXRBHIRKK4/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXJIT7R53ZXROO3I256RFUWTIW4ECK6P/
- https://github.com/OISF/suricata/security/advisories/GHSA-qxj6-hr2p-mmc7
- https://github.com/OISF/suricata/commit/cd731fcaf42e5f7078c9be643bfa0cee2ad53e8f
- https://redmine.openinfosecfoundation.org/issues/6657
- https://github.com/OISF/suricata/security/advisories/GHSA-q33q-45cr-3cpc
- https://github.com/OISF/suricata/commit/18841a58da71e735ddf4e52cbfa6989755ecbeb7
- https://github.com/OISF/suricata/commit/2a2120ecf10c5b5713ec2bf59469fe57f7b5b747
- https://github.com/OISF/suricata/commit/83c5567ea7b0b28376f57dcfee9c6301448c7bc7
- https://github.com/OISF/suricata/commit/8efaebe293e2a74c8e323fa85a6f5fadf82801bc
- https://github.com/OISF/suricata/commit/97953998d2d60673ed6c30ddfb6a2d59b4230f97
- https://github.com/OISF/suricata/commit/b1549e930f6426eeff43f12b672337cbcda566b8
- https://github.com/OISF/suricata/commit/cd035d59e3df157b606f4fe67324ea8e437be786
- https://github.com/OISF/suricata/commit/ce9b90326949c94a46611d6394e28600ee5e8bd5
- https://github.com/OISF/suricata/commit/e7e28822f473320658d6125f16ac3f0524baff01
- https://github.com/OISF/suricata/commit/f9de1cca6182e571f1c02387dca6e695e55608af
- https://redmine.openinfosecfoundation.org/issues/6531
- https://redmine.openinfosecfoundation.org/issues/6532
- https://redmine.openinfosecfoundation.org/issues/6540
- https://redmine.openinfosecfoundation.org/issues/6658
- https://redmine.openinfosecfoundation.org/issues/6659
- https://redmine.openinfosecfoundation.org/issues/6660
- https://github.com/OISF/suricata/security/advisories/GHSA-8583-353f-mvwc
- https://github.com/OISF/suricata/commit/86de7cffa7e8f06fe9d600127e7dabe89c7e81dd
- https://github.com/OISF/suricata/commit/f52c033e566beafb4480c139eb18662a2870464f
- https://redmine.openinfosecfoundation.org/issues/6411