CVE-2024-47522

Name: CVE-2024-47522

Description: Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, invalid ALPN in TLS/QUIC traffic when JA4 matching/logging is enabled can lead to Suricata aborting with a panic. This issue has been addressed in 7.0.7. One may disable ja4 as a workaround.

NVD Severity: medium

References

Type                                  URI
CONFIRM                               https://github.com/OISF/suricata/security/advisories/GHSA-w5xv-6586-jpm7
MISC                                  https://redmine.openinfosecfoundation.org/issues/7267
af854a3a-2127-422b-91ae-364da2661108  https://www.vicarius.io/vsociety/posts/cve-2024-47522-detect-suricata-vulnerability
af854a3a-2127-422b-91ae-364da2661108  https://www.vicarius.io/vsociety/posts/cve-2024-47522-mitigate-suricata-vulnerability

Match rules

CPE URI    Source package    Min version    Max version
           suricata          >= 0           < 7.0.7

Vulnerable and fixed packages

Source package  Branch          Version   Maintainer                         Status
suricata        edge-community  7.0.7-r0  Steve McMaster <code@mcmaster.io>  fixed
suricata        edge-community  7.0.6-r0  Steve McMaster <code@mcmaster.io>  possibly vulnerable
suricata        edge-community  6.0.4-r0  Steve McMaster <code@mcmaster.io>  possibly vulnerable
suricata        edge-community  6.0.3-r0  Steve McMaster <code@mcmaster.io>  possibly vulnerable
suricata        3.22-community  7.0.7-r0  None                               fixed
suricata        3.22-community  7.0.6-r0  None                               possibly vulnerable
suricata        3.22-community  6.0.4-r0  None                               possibly vulnerable
suricata        3.22-community  6.0.3-r0  None                               possibly vulnerable
suricata        3.21-community  7.0.7-r0  Steve McMaster <code@mcmaster.io>  fixed
suricata        3.20-community  7.0.7-r0  Steve McMaster <code@mcmaster.io>  fixed