CVE-2024-32663 - OpenCVE

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, a small amount of HTTP/2 traffic can lead to Suricata using a large amount of memory. The issue has been addressed in Suricata 7.0.5 and 6.0.19. Workarounds include disabling the HTTP/2 parser and reducing `app-layer.protocols.http2.max-table-size` value (default is 65536).

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

No data.

No data.

No data.

References

Link	Providers
https://github.com/OISF/suricata/commit/08d93f7c3762781b743f88f9fdc4389eb9c3eb64
https://github.com/OISF/suricata/commit/c0af92295e833d1db29b184d63cd3b829451d7fd
https://github.com/OISF/suricata/commit/d24b37a103c04bb2667e449e080ba4c8e56bb019
https://github.com/OISF/suricata/commit/e68ec4b227d19498f364a41eb25d3182f0383ca5
https://github.com/OISF/suricata/security/advisories/GHSA-9jxm-qw9v-266r
https://redmine.openinfosecfoundation.org/issues/6892
https://redmine.openinfosecfoundation.org/issues/6900

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-05-07T14:48:20.366Z

Updated: 2024-08-02T02:13:40.452Z

Reserved: 2024-04-16T14:15:26.878Z

Link: CVE-2024-32663

Vulnrichment

Updated: 2024-05-23T19:01:24.098Z

NVD

Status : Awaiting Analysis

Published: 2024-05-07T15:15:08.713

Modified: 2024-05-07T20:07:58.737

Link: CVE-2024-32663

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-32663", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-04-16T14:15:26.878Z", "datePublished": "2024-05-07T14:48:20.366Z", "dateUpdated": "2024-08-02T02:13:40.452Z"}, "containers": {"cna": {"title": "Suricata 's http2 parser contains an improper compressed header handling can lead to resource starvation", "problemTypes": [{"descriptions": [{"cweId": "CWE-400", "lang": "en", "description": "CWE-400: Uncontrolled Resource Consumption", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-770", "lang": "en", "description": "CWE-770: Allocation of Resources Without Limits or Throttling", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/OISF/suricata/security/advisories/GHSA-9jxm-qw9v-266r", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/OISF/suricata/security/advisories/GHSA-9jxm-qw9v-266r"}, {"name": "https://github.com/OISF/suricata/commit/08d93f7c3762781b743f88f9fdc4389eb9c3eb64", "tags": ["x_refsource_MISC"], "url": "https://github.com/OISF/suricata/commit/08d93f7c3762781b743f88f9fdc4389eb9c3eb64"}, {"name": "https://github.com/OISF/suricata/commit/c0af92295e833d1db29b184d63cd3b829451d7fd", "tags": ["x_refsource_MISC"], "url": "https://github.com/OISF/suricata/commit/c0af92295e833d1db29b184d63cd3b829451d7fd"}, {"name": "https://github.com/OISF/suricata/commit/d24b37a103c04bb2667e449e080ba4c8e56bb019", "tags": ["x_refsource_MISC"], "url": "https://github.com/OISF/suricata/commit/d24b37a103c04bb2667e449e080ba4c8e56bb019"}, {"name": "https://github.com/OISF/suricata/commit/e68ec4b227d19498f364a41eb25d3182f0383ca5", "tags": ["x_refsource_MISC"], "url": "https://github.com/OISF/suricata/commit/e68ec4b227d19498f364a41eb25d3182f0383ca5"}, {"name": "https://redmine.openinfosecfoundation.org/issues/6892", "tags": ["x_refsource_MISC"], "url": "https://redmine.openinfosecfoundation.org/issues/6892"}, {"name": "https://redmine.openinfosecfoundation.org/issues/6900", "tags": ["x_refsource_MISC"], "url": "https://redmine.openinfosecfoundation.org/issues/6900"}], "affected": [{"vendor": "OISF", "product": "suricata", "versions": [{"version": ">= 7.0.0, <= 7.0.4", "status": "affected"}, {"version": ">= 6.0.0, <= 6.0.18", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-05-07T14:48:20.366Z"}, "descriptions": [{"lang": "en", "value": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, a small amount of HTTP/2 traffic can lead to Suricata using a large amount of memory. The issue has been addressed in Suricata 7.0.5 and 6.0.19. Workarounds include disabling the HTTP/2 parser and reducing `app-layer.protocols.http2.max-table-size` value (default is 65536)."}], "source": {"advisory": "GHSA-9jxm-qw9v-266r", "discovery": "UNKNOWN"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-32663", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-07T17:39:47.421590Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:51:29.291Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T02:13:40.452Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/OISF/suricata/security/advisories/GHSA-9jxm-qw9v-266r", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/OISF/suricata/security/advisories/GHSA-9jxm-qw9v-266r"}, {"name": "https://github.com/OISF/suricata/commit/08d93f7c3762781b743f88f9fdc4389eb9c3eb64", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/OISF/suricata/commit/08d93f7c3762781b743f88f9fdc4389eb9c3eb64"}, {"name": "https://github.com/OISF/suricata/commit/c0af92295e833d1db29b184d63cd3b829451d7fd", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/OISF/suricata/commit/c0af92295e833d1db29b184d63cd3b829451d7fd"}, {"name": "https://github.com/OISF/suricata/commit/d24b37a103c04bb2667e449e080ba4c8e56bb019", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/OISF/suricata/commit/d24b37a103c04bb2667e449e080ba4c8e56bb019"}, {"name": "https://github.com/OISF/suricata/commit/e68ec4b227d19498f364a41eb25d3182f0383ca5", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/OISF/suricata/commit/e68ec4b227d19498f364a41eb25d3182f0383ca5"}, {"name": "https://redmine.openinfosecfoundation.org/issues/6892", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://redmine.openinfosecfoundation.org/issues/6892"}, {"name": "https://redmine.openinfosecfoundation.org/issues/6900", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://redmine.openinfosecfoundation.org/issues/6900"}]}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-32663", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-04-16T14:15:26.878Z", "datePublished": "2024-05-07T14:48:20.366Z", "dateUpdated": "2024-06-04T17:51:29.291Z"}, "containers": {"cna": {"title": "Suricata 's http2 parser contains an improper compressed header handling can lead to resource starvation", "problemTypes": [{"descriptions": [{"cweId": "CWE-400", "lang": "en", "description": "CWE-400: Uncontrolled Resource Consumption", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-770", "lang": "en", "description": "CWE-770: Allocation of Resources Without Limits or Throttling", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/OISF/suricata/security/advisories/GHSA-9jxm-qw9v-266r", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/OISF/suricata/security/advisories/GHSA-9jxm-qw9v-266r"}, {"name": "https://github.com/OISF/suricata/commit/08d93f7c3762781b743f88f9fdc4389eb9c3eb64", "tags": ["x_refsource_MISC"], "url": "https://github.com/OISF/suricata/commit/08d93f7c3762781b743f88f9fdc4389eb9c3eb64"}, {"name": "https://github.com/OISF/suricata/commit/c0af92295e833d1db29b184d63cd3b829451d7fd", "tags": ["x_refsource_MISC"], "url": "https://github.com/OISF/suricata/commit/c0af92295e833d1db29b184d63cd3b829451d7fd"}, {"name": "https://github.com/OISF/suricata/commit/d24b37a103c04bb2667e449e080ba4c8e56bb019", "tags": ["x_refsource_MISC"], "url": "https://github.com/OISF/suricata/commit/d24b37a103c04bb2667e449e080ba4c8e56bb019"}, {"name": "https://github.com/OISF/suricata/commit/e68ec4b227d19498f364a41eb25d3182f0383ca5", "tags": ["x_refsource_MISC"], "url": "https://github.com/OISF/suricata/commit/e68ec4b227d19498f364a41eb25d3182f0383ca5"}, {"name": "https://redmine.openinfosecfoundation.org/issues/6892", "tags": ["x_refsource_MISC"], "url": "https://redmine.openinfosecfoundation.org/issues/6892"}, {"name": "https://redmine.openinfosecfoundation.org/issues/6900", "tags": ["x_refsource_MISC"], "url": "https://redmine.openinfosecfoundation.org/issues/6900"}], "affected": [{"vendor": "OISF", "product": "suricata", "versions": [{"version": ">= 7.0.0, <= 7.0.4", "status": "affected"}, {"version": ">= 6.0.0, <= 6.0.18", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-05-07T14:48:20.366Z"}, "descriptions": [{"lang": "en", "value": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, a small amount of HTTP/2 traffic can lead to Suricata using a large amount of memory. The issue has been addressed in Suricata 7.0.5 and 6.0.19. Workarounds include disabling the HTTP/2 parser and reducing `app-layer.protocols.http2.max-table-size` value (default is 65536)."}], "source": {"advisory": "GHSA-9jxm-qw9v-266r", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-32663", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-07T17:39:47.421590Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:24.098Z"}, "title": "CISA ADP Vulnrichment"}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, a small amount of HTTP/2 traffic can lead to Suricata using a large amount of memory. The issue has been addressed in Suricata 7.0.5 and 6.0.19. Workarounds include disabling the HTTP/2 parser and reducing `app-layer.protocols.http2.max-table-size` value (default is 65536)."}, {"lang": "es", "value": "Suricata es un sistema de detecci\u00f3n de intrusiones en la red, un sistema de prevenci\u00f3n de intrusiones y un motor de monitoreo de seguridad de la red. Antes de 7.0.5 y 6.0.19, una peque\u00f1a cantidad de tr\u00e1fico HTTP/2 puede hacer que Suricata utilice una gran cantidad de memoria. El problema se solucion\u00f3 en Suricata 7.0.5 y 6.0.19. Los workarounds incluyen deshabilitar el analizador HTTP/2 y reducir el valor `app-layer.protocols.http2.max-table-size` (el valor predeterminado es 65536)."}], "id": "CVE-2024-32663", "lastModified": "2024-05-07T20:07:58.737", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-05-07T15:15:08.713", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/OISF/suricata/commit/08d93f7c3762781b743f88f9fdc4389eb9c3eb64"}, {"source": "security-advisories@github.com", "url": "https://github.com/OISF/suricata/commit/c0af92295e833d1db29b184d63cd3b829451d7fd"}, {"source": "security-advisories@github.com", "url": "https://github.com/OISF/suricata/commit/d24b37a103c04bb2667e449e080ba4c8e56bb019"}, {"source": "security-advisories@github.com", "url": "https://github.com/OISF/suricata/commit/e68ec4b227d19498f364a41eb25d3182f0383ca5"}, {"source": "security-advisories@github.com", "url": "https://github.com/OISF/suricata/security/advisories/GHSA-9jxm-qw9v-266r"}, {"source": "security-advisories@github.com", "url": "https://redmine.openinfosecfoundation.org/issues/6892"}, {"source": "security-advisories@github.com", "url": "https://redmine.openinfosecfoundation.org/issues/6900"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}, {"lang": "en", "value": "CWE-770"}], "source": "security-advisories@github.com", "type": "Secondary"}]}