Reachable assertion in Suricata - CVE-2024-47522
Published: October 16, 2024 / Updated: April 27, 2026
Suricata
Detailed vulnerability description
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to reachable assertion in JA4 processing for TLS/QUIC traffic when handling invalid ALPN values. A remote attacker can send specially crafted TLS or QUIC traffic to cause a denial of service.
The issue is exposed when JA4 matching or logging is enabled.