CVE-2024-23835

Suricata's pgsql: memory exhaustion use on record parsing

CVSS 7.5 HIGH · EPSS 0.9% · CWE-400 · CWE-770
In short

Suricata's PostgreSQL parser can consume excessive memory while analyzing network traffic, causing the system to crash. This happens when processing specially crafted PostgreSQL messages and affects security monitoring capabilities.

Technical detail

A resource exhaustion vulnerability (CWE-400, CWE-770) in Suricata's pgsql app layer parser allows unauthenticated attackers to trigger excessive memory allocation during record parsing via crafted network packets. The attack vector is network-based with no authentication required; successful exploitation leads to denial of service through out-of-memory conditions affecting the IDS/IPS engine.

Summary generated and translated by AI from the official description.
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.3, excessive memory use during pgsql parsing could lead to OOM-related crashes. This vulnerability is patched in 7.0.3. As a workaround, users can disable the pgsql app layer parser.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected products
OISF · suricata
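
The exposure condition from the description above (a release before 7.0.3 with the pgsql app-layer parser enabled) can be checked per sensor. This is an added triage example, not part of the advisory or of Suricata's code. It assumes the block-style `app-layer.protocols.pgsql.enabled` layout of `suricata.yaml` and a banner like the one `suricata -V` prints; the sample banner and config are constructed.

```python
import re

FIXED = (7, 0, 3)  # first patched release according to the advisory text

def parse_version(banner):
    """Pull (major, minor, patch) out of a banner such as `suricata -V` output."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", banner)
    if not m:
        raise ValueError(f"no version in {banner!r}")
    return tuple(int(x) for x in m.groups())

def pgsql_enabled(yaml_text):
    """True/False for app-layer.protocols.pgsql.enabled, None if the key is unset."""
    # Indentation scanner for block-style suricata.yaml, not a full YAML parser.
    want = ["app-layer", "protocols", "pgsql", "enabled"]
    stack = []  # (indent, key) pairs describing the current nesting path
    for raw in yaml_text.splitlines():
        m = re.match(r"^(\s*)([\w.-]+):\s*(.*)$", raw.split("#", 1)[0].rstrip())
        if not m:
            continue
        indent, key = len(m.group(1)), m.group(2)
        while stack and stack[-1][0] >= indent:
            stack.pop()
        stack.append((indent, key))
        if [k for _, k in stack] == want:
            # Truthy spellings are an assumption of this sketch.
            return m.group(3).strip("\"' ").lower() in ("yes", "true", "on", "1")
    return None

def triage(banner, yaml_text):
    """Classify one sensor against the condition described in the advisory."""
    if parse_version(banner) >= FIXED:
        return "patched"
    state = pgsql_enabled(yaml_text)
    if state is None:
        return "unknown: pgsql key absent, confirm the built-in default"
    return "exposed" if state else "workaround applied"

# Constructed sample input, not taken from a real sensor.
SAMPLE_BANNER = "This is Suricata version 7.0.2 RELEASE"
SAMPLE_YAML = """\
app-layer:
  protocols:
    http:
      enabled: yes
    pgsql:
      enabled: yes   # set to "no" to apply the workaround
"""

if __name__ == "__main__":
    print(triage(SAMPLE_BANNER, SAMPLE_YAML))
```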
