CVE-2024-23839

Suricata http: heap use after free with http.request_header and http.response_header keywords

Description

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.3, specially crafted traffic can cause a heap use after free if the ruleset uses the http.request_header or http.response_header keyword. The vulnerability has been patched in 7.0.3. To work around the vulnerability, avoid the http.request_header and http.response_header keywords.

References

Link	Tags
https://github.com/OISF/suricata/security/advisories/GHSA-qxj6-hr2p-mmc7	mitigation vendor advisory
https://github.com/OISF/suricata/commit/cd731fcaf42e5f7078c9be643bfa0cee2ad53e8f	patch
https://redmine.openinfosecfoundation.org/issues/6657	issue tracking
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GOCOBFUTIFHOP2PZOH4ENRFXRBHIRKK4/	mailing list
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXJIT7R53ZXROO3I256RFUWTIW4ECK6P/	mailing list

Frequently Asked Questions

What is the severity of CVE-2024-23839?: CVE-2024-23839 has been scored as a high severity vulnerability.
How to fix CVE-2024-23839?: To fix CVE-2024-23839, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-23839 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2024-23839 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-23839?: CVE-2024-23839 affects OISF suricata.

Description

Category

CWE-416 – Use After Free

References

Frequently Asked Questions