CVE-2024-23839 Information

Description

Suricata is a network Intrusion Detection System Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.3 specially crafted traffic can cause a heap use after free if the ruleset uses the http.request_header or http.response_header keyword. The vulnerability has been patched in 7.0.3. To work around the vulnerability avoid the http.request_header and http.response_header keywords.

Reference

https://github.com/OISF/suricata/security/advisories/GHSA-qxj6-hr2p-mmc7 https://github.com/OISF/suricata/commit/cd731fcaf42e5f7078c9be643bfa0cee2ad53e8f https://redmine.openinfosecfoundation.org/issues/6657