CVE-2024-23836

crafted traffic can cause denial of service

Description

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to versions 6.0.16 and 7.0.3, an attacker can craft traffic that causes Suricata to use far more CPU and memory for processing the traffic than needed, which can lead to extreme slowdowns and denial of service. This vulnerability is patched in 6.0.16 and 7.0.3. Workarounds include disabling the affected protocol's app-layer parser in the YAML configuration; reducing the `stream.reassembly.depth` value also helps reduce the severity of the issue.

Category

CVSS 3.1 base score: 7.5 (Severity: High)
EPSS: 1.15% (Top 25%)
Vendor Advisory: github.com
Affected: OISF suricata

References

Link (tag)
https://github.com/OISF/suricata/security/advisories/GHSA-q33q-45cr-3cpc vendor advisory
https://github.com/OISF/suricata/commit/18841a58da71e735ddf4e52cbfa6989755ecbeb7 patch
https://github.com/OISF/suricata/commit/2a2120ecf10c5b5713ec2bf59469fe57f7b5b747 patch
https://github.com/OISF/suricata/commit/83c5567ea7b0b28376f57dcfee9c6301448c7bc7 patch
https://github.com/OISF/suricata/commit/8efaebe293e2a74c8e323fa85a6f5fadf82801bc patch
https://github.com/OISF/suricata/commit/97953998d2d60673ed6c30ddfb6a2d59b4230f97 patch
https://github.com/OISF/suricata/commit/b1549e930f6426eeff43f12b672337cbcda566b8 patch
https://github.com/OISF/suricata/commit/cd035d59e3df157b606f4fe67324ea8e437be786 patch
https://github.com/OISF/suricata/commit/ce9b90326949c94a46611d6394e28600ee5e8bd5 patch
https://github.com/OISF/suricata/commit/e7e28822f473320658d6125f16ac3f0524baff01 patch
https://github.com/OISF/suricata/commit/f9de1cca6182e571f1c02387dca6e695e55608af patch
https://redmine.openinfosecfoundation.org/issues/6531 issue tracking
https://redmine.openinfosecfoundation.org/issues/6532 issue tracking
https://redmine.openinfosecfoundation.org/issues/6540 issue tracking
https://redmine.openinfosecfoundation.org/issues/6658 issue tracking
https://redmine.openinfosecfoundation.org/issues/6659 issue tracking
https://redmine.openinfosecfoundation.org/issues/6660 issue tracking
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GOCOBFUTIFHOP2PZOH4ENRFXRBHIRKK4/ mailing list
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXJIT7R53ZXROO3I256RFUWTIW4ECK6P/ mailing list

Frequently Asked Questions

What is the severity of CVE-2024-23836?
CVE-2024-23836 has been scored as a high severity vulnerability.
How to fix CVE-2024-23836?
To fix CVE-2024-23836, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-23836 being actively exploited in the wild?
It is possible that CVE-2024-23836 is being exploited or will be exploited in the near future based on public information. According to its EPSS score, there is a ~1% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-23836?
CVE-2024-23836 affects OISF suricata.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.