CVE-2024-23839
Publication date 26 February 2024
Last updated 24 July 2024
Ubuntu priority
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.3, specially crafted traffic can cause a heap use after free if the ruleset uses the http.request_header or http.response_header keyword. The vulnerability has been patched in 7.0.3. To work around the vulnerability, avoid the http.request_header and http.response_header keywords.
Status
Package | Ubuntu Release | Status |
---|---|---|
suricata | 24.10 oracular |
Needs evaluation
|
24.04 LTS noble |
Needs evaluation
|
|
22.04 LTS jammy |
Needs evaluation
|
|
20.04 LTS focal | Not in release | |
18.04 LTS bionic |
Needs evaluation
|
|
16.04 LTS xenial |
Needs evaluation
|
|
14.04 LTS trusty | Ignored end of standard support |
References
Other references
- https://github.com/OISF/suricata/security/advisories/GHSA-qxj6-hr2p-mmc7
- https://github.com/OISF/suricata/commit/cd731fcaf42e5f7078c9be643bfa0cee2ad53e8f (suricata-7.0.3)
- https://redmine.openinfosecfoundation.org/issues/6657
- https://github.com/OISF/suricata/commit/cd731fcaf42e5f7078c9be643bfa0cee2ad53e8f
- https://www.cve.org/CVERecord?id=CVE-2024-23839