CVE-2024-32663

CVE-2024-32663

Name

CVE-2024-32663

Description

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, a small amount of HTTP/2 traffic can lead to Suricata using a large amount of memory. The issue has been addressed in Suricata 7.0.5 and 6.0.19. Workarounds include disabling the HTTP/2 parser and reducing `app-layer.protocols.http2.max-table-size` value (default is 65536).

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
MISC	https://github.com/OISF/suricata/commit/08d93f7c3762781b743f88f9fdc4389eb9c3eb64
MISC	https://github.com/OISF/suricata/commit/c0af92295e833d1db29b184d63cd3b829451d7fd
MISC	https://github.com/OISF/suricata/commit/d24b37a103c04bb2667e449e080ba4c8e56bb019
MISC	https://github.com/OISF/suricata/commit/e68ec4b227d19498f364a41eb25d3182f0383ca5
CONFIRM	https://github.com/OISF/suricata/security/advisories/GHSA-9jxm-qw9v-266r
MISC	https://redmine.openinfosecfoundation.org/issues/6892
MISC	https://redmine.openinfosecfoundation.org/issues/6900
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2025/03/msg00029.html

Type

URI

MISC

https://github.com/OISF/suricata/commit/08d93f7c3762781b743f88f9fdc4389eb9c3eb64

MISC

https://github.com/OISF/suricata/commit/c0af92295e833d1db29b184d63cd3b829451d7fd

MISC

https://github.com/OISF/suricata/commit/d24b37a103c04bb2667e449e080ba4c8e56bb019

MISC

https://github.com/OISF/suricata/commit/e68ec4b227d19498f364a41eb25d3182f0383ca5

CONFIRM

https://github.com/OISF/suricata/security/advisories/GHSA-9jxm-qw9v-266r

MISC

https://redmine.openinfosecfoundation.org/issues/6892

MISC

https://redmine.openinfosecfoundation.org/issues/6900

af854a3a-2127-422b-91ae-364da2661108

https://lists.debian.org/debian-lts-announce/2025/03/msg00029.html

CPE URI	Source package	Min version	Max version
	suricata	>= 7.0.0	<= 7.0.4
	suricata	>= 6.0.0	<= 6.0.18

CPE URI

Source package

Min version

Max version

suricata

>= 7.0.0

<= 7.0.4

suricata

>= 6.0.0

<= 6.0.18

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
suricata	edge-community	7.0.6-r0	Steve McMaster <code@mcmaster.io>	fixed
suricata	edge-community	6.0.4-r0	Steve McMaster <code@mcmaster.io>	possibly vulnerable
suricata	edge-community	6.0.3-r0	Steve McMaster <code@mcmaster.io>	possibly vulnerable
suricata	3.22-community	7.0.6-r0	None	fixed
suricata	3.22-community	6.0.4-r0	None	possibly vulnerable
suricata	3.22-community	6.0.3-r0	None	possibly vulnerable
suricata	3.21-community	7.0.6-r0	None	fixed
suricata	3.20-community	7.0.6-r0	Steve McMaster <code@mcmaster.io>	fixed
suricata	3.20-community	6.0.7-r0	None	fixed
suricata	3.19-community	7.0.2-r0	Steve McMaster <code@mcmaster.io>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

suricata

edge-community

7.0.6-r0

Steve McMaster <code@mcmaster.io>

fixed

suricata

edge-community