CVE-2024-32663
Suricata's HTTP/2 parser contains improper compressed header handling that can lead to resource starvation
In short
Suricata's HTTP/2 parser has a flaw where small amounts of specially crafted traffic can cause the system to use excessive memory, potentially crashing it or making it unresponsive. This happens because the parser doesn't properly handle compressed headers.
Technical detail
The vulnerability exists in the HTTP/2 header decompression logic (CWE-400: Uncontrolled Resource Consumption, CWE-770: Allocation of Resources Without Limits or Throttling). An attacker can send minimal HTTP/2 traffic with malformed compressed headers that trigger disproportionate memory allocation in Suricata versions before 7.0.5 and 6.0.19, leading to denial of service through resource exhaustion.
Summary generated and translated by AI from the official description.
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, a small amount of HTTP/2 traffic can lead to Suricata using a large amount of memory. The issue has been addressed in Suricata 7.0.5 and 6.0.19. Workarounds include disabling the HTTP/2 parser and reducing `app-layer.protocols.http2.max-table-size` value (default is 65536).
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
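The description above gives a defender two concrete things to check on a sensor fleet: whether the installed Suricata is older than the fixed release of its branch (7.0.5 or 6.0.19), and whether the named workaround (disabling the HTTP/2 parser or lowering `app-layer.protocols.http2.max-table-size` below its default of 65536) is in place on sensors that cannot be patched yet. The following is an added example written for this page, not Suricata's own code or tooling. It assumes that `suricata -V` prints a line containing an `x.y.z` version (the sample string below is constructed), that the YAML section is `app-layer.protocols.http2` with the standard per-protocol `enabled` key, and that a missing `enabled` key means the parser is on; branches other than 6.x and 7.x are reported as unknown because the advisory does not cover them.

```python
"""Fleet checks for CVE-2024-32663 (added example; not Suricata project code).

1. is_affected(text): compare a Suricata version string against the fixed
   releases named in the advisory (7.0.5 for the 7.x branch, 6.0.19 for 6.x).
2. audit_http2_config(cfg): inspect the app-layer.protocols.http2 section of a
   suricata.yaml that has already been loaded into a dict (e.g. via
   yaml.safe_load) for the workaround settings the advisory names.
"""
import re

# Fixed releases per the advisory; anything earlier in the same branch is affected.
FIXED = {6: (6, 0, 19), 7: (7, 0, 5)}
DEFAULT_MAX_TABLE_SIZE = 65536  # default value stated in the advisory


def parse_version(text):
    """Return (major, minor, patch) from a bare version or `suricata -V` output,
    or None when no x.y.z version is present."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    return tuple(int(p) for p in m.groups()) if m else None


def is_affected(text):
    """True if the version is in a covered branch and older than its fix,
    False if it is at or after the fix, None if the branch is not covered."""
    version = parse_version(text)
    if version is None or version[0] not in FIXED:
        return None
    return version < FIXED[version[0]]


def audit_http2_config(cfg):
    """Return a list of findings for the http2 section of a parsed suricata.yaml.
    An empty list means one of the advisory's workarounds is in effect."""
    findings = []
    http2 = cfg.get("app-layer", {}).get("protocols", {}).get("http2", {})
    # Assumption: a missing `enabled` key means the parser is on. PyYAML loads
    # a bare `yes` as True, so accept both spellings.
    enabled = str(http2.get("enabled", "yes")).lower() in ("yes", "true")
    if not enabled:
        return findings  # parser disabled: first workaround is in place
    size = int(http2.get("max-table-size", DEFAULT_MAX_TABLE_SIZE))
    if size >= DEFAULT_MAX_TABLE_SIZE:
        findings.append(
            f"http2 parser enabled with max-table-size={size} "
            f"(default {DEFAULT_MAX_TABLE_SIZE}); the advisory's workaround is "
            f"to lower it on sensors not yet on 7.0.5 / 6.0.19"
        )
    return findings


if __name__ == "__main__":
    # Constructed sample inputs standing in for `suricata -V` and suricata.yaml.
    sample_version_output = "This is Suricata version 7.0.4 RELEASE"
    sample_cfg = {"app-layer": {"protocols": {"http2": {"enabled": "yes"}}}}
    print("affected:", is_affected(sample_version_output))
    for finding in audit_http2_config(sample_cfg):
        print("finding:", finding)
```

Run the version check against the output of `suricata -V` on each sensor and the config audit against its `suricata.yaml`; a sensor that is affected and has no findings is one where a workaround is already applied, while an affected sensor with a finding should be patched or reconfigured first.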
Affected products
OISF · suricata
References
https://github.com/OISF/suricata/commit/08d93f7c3762781b743f88f9fdc4389eb9c3eb64
https://github.com/OISF/suricata/commit/c0af92295e833d1db29b184d63cd3b829451d7fd
https://github.com/OISF/suricata/commit/d24b37a103c04bb2667e449e080ba4c8e56bb019
https://github.com/OISF/suricata/commit/e68ec4b227d19498f364a41eb25d3182f0383ca5
https://github.com/OISF/suricata/security/advisories/GHSA-9jxm-qw9v-266r
https://lists.debian.org/debian-lts-announce/2025/03/msg00029.html
https://redmine.openinfosecfoundation.org/issues/6892
https://redmine.openinfosecfoundation.org/issues/6900