CVE-2024-38535

Suricata http2: oom from duplicate headers

CVSS 7.5 HIGH · EPSS 1.2% · CWE-770
In short

Suricata can crash due to running out of memory when processing specially crafted HTTP/2 traffic with duplicate headers. This affects network security monitoring and could disrupt threat detection.

Technical detail

A memory exhaustion vulnerability exists in Suricata's HTTP/2 parser when it handles duplicate headers in crafted packets. An attacker sending such HTTP/2 traffic can trigger excessive memory consumption in the sensor, causing a denial of service of the monitoring engine itself. The vulnerability affects versions prior to 6.0.20 (6.0.x branch) and 7.0.6 (7.0.x branch).

Summary generated and translated by AI from the official description.
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Suricata can run out of memory when parsing crafted HTTP/2 traffic. Upgrade to 6.0.20 or 7.0.6.
CVSS 3.1 vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected products
OISF · suricata