CVE-2023-35852

Name of the Vulnerable Software and Affected Versions Suricata versions prior to 6.0.13

Description The issue is related to incorrect restriction of directory path names, which can be exploited by a remote attacker to write arbitrary files to the filesystem. This can occur when an adversary controls an external source of rules and a dataset filename from a rule triggers absolute or relative directory traversal, leading to write access to the local filesystem.

Recommendations For Suricata versions prior to 6.0.13, update to version 6.0.13 or later, which requires allow-absolute-filenames and allow-write (in the datasets rules configuration section) if an installation requires traversal/writing in this situation. As a temporary workaround, consider restricting access to the datasets rules configuration section to minimize the risk of exploitation.