CVE-2024-23839

Suricata http: heap use after free with http.request_header and http.response_header keywords

CVSS 7.1 HIGH · EPSS 0.8% · CWE-416
In short

Suricata, a network security tool, has a memory-safety bug (a heap use-after-free): specially crafted network traffic can make it crash or behave unpredictably when its rules inspect HTTP request or response headers. This undermines the tool's ability to monitor and protect networks reliably.

Technical detail

A heap use-after-free vulnerability (CWE-416) exists in Suricata versions prior to 7.0.3 when processing HTTP headers via the http.request_header or http.response_header keywords. Malicious or specially crafted network traffic can trigger memory corruption, leading to information disclosure or denial of service. The vulnerability requires the vulnerable keywords to be present in active ruleset configurations.

Summary generated and translated by AI from the official description.

Official description:

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.3, specially crafted traffic can cause a heap use after free if the ruleset uses the http.request_header or http.response_header keyword. The vulnerability has been patched in 7.0.3. To work around the vulnerability, avoid the http.request_header and http.response_header keywords.

CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Affected products
OISF · suricata
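Because exposure depends on two things the advisory names (a Suricata version before 7.0.3 and an active rule using http.request_header or http.response_header), a defender can check both directly. The script below is an added example, not the advisory's or the Suricata project's code; the sample ruleset and the version string are constructed, and `suricata -V`-style output is assumed to contain an X.Y.Z version.

```python
"""Exposure check for CVE-2024-23839 (added example, not Suricata project code).

Reports enabled rules that use the http.request_header or http.response_header
sticky buffers, which the advisory says to avoid on Suricata versions before 7.0.3."""
import re

FIXED_VERSION = (7, 0, 3)  # first fixed release per the advisory

# An enabled rule: action, header fields, then the option block in parentheses.
_RULE_RE = re.compile(r"^\s*(?:alert|drop|pass|reject|rejectsrc|rejectdst|rejectboth)\s+[^(]*\((.*)\)\s*$")
_SID_RE = re.compile(r"\bsid\s*:\s*(\d+)")
_KEYWORD_RE = re.compile(r"\b(http\.(?:request|response)_header)\s*;")
_QUOTED_RE = re.compile(r'"(?:[^"\\]|\\.)*"')


def find_affected_rules(rules_text):
    """Return [(sid, keyword), ...] for active rules using an affected keyword.

    Lines starting with '#' (disabled rules) never match _RULE_RE and are skipped;
    quoted strings are blanked first so a keyword that merely appears inside a
    content:"..." match string is not counted as a sticky-buffer use."""
    hits = []
    for line in rules_text.splitlines():
        m = _RULE_RE.match(line)
        if not m:
            continue
        options = _QUOTED_RE.sub('""', m.group(1))
        sid_m = _SID_RE.search(options)
        sid = int(sid_m.group(1)) if sid_m else None
        hits.extend((sid, kw) for kw in _KEYWORD_RE.findall(options))
    return hits


def is_affected_version(version_text):
    """True if the first X.Y.Z in version_text (e.g. `suricata -V` output) is below 7.0.3."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", version_text)
    if not m:
        raise ValueError("no X.Y.Z version found in: %r" % version_text)
    return tuple(int(x) for x in m.groups()) < FIXED_VERSION


# Constructed sample ruleset for demonstration (not from any real deployment).
SAMPLE_RULES = """\
alert http any any -> any any (msg:"req hdr"; http.request_header; content:"X-Test"; sid:1000001; rev:1;)
# alert http any any -> any any (msg:"disabled"; http.response_header; content:"Server"; sid:1000002; rev:1;)
alert http any any -> any any (msg:"unaffected buffer"; http.header; content:"Host"; sid:1000003; rev:1;)
alert http any any -> any any (msg:"resp hdr"; http.response_header; content:"Set-Cookie"; sid:1000004; rev:1;)
alert http any any -> any any (msg:"keyword only inside a string"; content:"http.request_header;"; sid:1000005; rev:1;)
"""

if __name__ == "__main__":
    for sid, kw in find_affected_rules(SAMPLE_RULES):
        print("sid %s uses %s" % (sid, kw))  # sids 1000001 and 1000004 are reported
    print("7.0.2 affected:", is_affected_version("This is Suricata version 7.0.2 RELEASE"))
```

Only the combination of both findings means exposure; a 7.0.3 or later engine can keep using the keywords, and a vulnerable engine whose ruleset never uses them is not reachable through this bug.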
