PT-2024-1592 · Suricata

Published: 2024-02-08 · Updated: 2025-07-28 · CVE-2024-23836

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Suricata versions prior to 6.0.16 and 7.0.3

Description

Suricata is a network Intrusion Detection System, Intrusion Prevention System, and Network Security Monitoring engine. An attacker can craft traffic that causes Suricata to use far more CPU and memory than needed to process it, which can lead to extreme slowdowns and denial of service.

Recommendations

To resolve the issue for versions prior to 6.0.16, update to version 6.0.16 or later. To resolve the issue for versions prior to 7.0.3, update to version 7.0.3 or later. As a temporary workaround, consider disabling the affected protocol app-layer parser in the Suricata YAML configuration. Reducing the stream.reassembly.depth value also helps reduce the severity of the issue.

Exploit

Fix

DoS

Weakness Enumeration

Allocation of Resources Without Limits

Related Identifiers

BDU:2024-01182
CVE-2024-23836
GHSA-Q33Q-45CR-3CPC
OPENSUSE-SU-2025:15394-1

Affected Products

Debian
Suricata