CVE-2024-38536

Name: CVE-2024-38536

Description: Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. A memory allocation failure due to `http.memcap` being reached leads to a NULL-ptr reference leading to a crash. Upgrade to 7.0.6.

NVD Severity: medium

References

| Type | URI |
|---|---|
| CONFIRM | https://github.com/OISF/suricata/security/advisories/GHSA-j32j-4w6g-94hh |
| MISC | https://redmine.openinfosecfoundation.org/issues/7029 |
| MISC | https://redmine.openinfosecfoundation.org/issues/7033 |

Match rules

| CPE URI | Source package | Min version | Max version |
|---|---|---|---|
| | suricata | >= 0 | < 7.0.6 |
| cpe:2.3:a:oisf:suricata:-:*:*:*:*:*:*:* | suricata | >= 0 | < 7.0.6 |

Vulnerable and fixed packages

| Source package | Branch | Version | Maintainer | Status |
|---|---|---|---|---|
| suricata | edge-community | 7.0.6-r0 | Steve McMaster <code@mcmaster.io> | fixed |
| suricata | edge-community | 6.0.4-r0 | Steve McMaster <code@mcmaster.io> | possibly vulnerable |
| suricata | edge-community | 6.0.3-r0 | Steve McMaster <code@mcmaster.io> | possibly vulnerable |
| suricata | 3.22-community | 7.0.6-r0 | None | fixed |
| suricata | 3.22-community | 6.0.4-r0 | None | possibly vulnerable |
| suricata | 3.22-community | 6.0.3-r0 | None | possibly vulnerable |
| suricata | 3.21-community | 7.0.6-r0 | None | fixed |
| suricata | 3.20-community | 7.0.6-r0 | Steve McMaster <code@mcmaster.io> | fixed |
| suricata | 3.20-community | 6.0.7-r0 | None | fixed |