CVE-2024-38536
Suricata http/range: NULL-ptr deref when http.memcap is reached
In short
Suricata crashes when processing HTTP traffic if its HTTP memory limit (`http.memcap`) is reached. Suricata does not properly handle running out of the memory allotted to it, so the process fails and stops monitoring the network for threats.
Technical detail
A NULL pointer dereference occurs in Suricata's HTTP range processing when the `http.memcap` memory limit is reached: a memory allocation fails and the failure is not handled properly. An attacker can trigger memory exhaustion by sending crafted HTTP requests with large range headers, crashing the Suricata process and causing a denial of service. The attacker must be able to send network traffic to the monitored interface.
Summary generated and translated by AI from the official description.
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. A memory allocation failure due to `http.memcap` being reached leads to a NULL-ptr reference leading to a crash. Upgrade to 7.0.6.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected products
OISF · suricata