PT-2024-24751 · Suricata+2 · Suricata+2

Published

2024-05-07

Updated

2025-07-28

CVE-2024-32663

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Suricata versions prior to 7.0.5 and 6.0.19

Description Suricata is a network Intrusion Detection System, Intrusion Prevention System, and Network Security Monitoring engine. A small amount of HTTP/2 traffic can lead to Suricata using a large amount of memory. The issue has been addressed in Suricata 7.0.5 and 6.0.19.

Recommendations For Suricata versions prior to 7.0.5, update to version 7.0.5 to resolve the issue. For Suricata versions prior to 6.0.19, update to version 6.0.19 to resolve the issue. As a temporary workaround, consider disabling the HTTP/2 parser. Reduce the app-layer.protocols.http2.max-table-size value (default is 65536) to minimize the risk of exploitation.

Exploit

Fix

Resource Exhaustion

Allocation of Resources Without Limits

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-400CWE-770

Related Identifiers

ALT-PU-2024-12896

CVE-2024-32663

DLA-4103-1

GHSA-9JXM-QW9V-266R

OPENSUSE-SU-2025:15394-1

Affected Products

Alt Linux

Debian

Suricata

PT-2024-24751 · Suricata+2 · Suricata+2

CVE-2024-32663

Weakness Enumeration

Related Identifiers

Affected Products

References · 52