PT-2024-28061 · Suricata+2 · Suricata+2

Published

2024-07-11

Updated

2025-11-07

CVE-2024-38535

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Suricata versions prior to 6.0.20 Suricata versions prior to 7.0.6

Description Suricata is a network Intrusion Detection System, Intrusion Prevention System, and Network Security Monitoring engine. It can run out of memory when parsing crafted HTTP/2 traffic.

Recommendations For versions prior to 6.0.20, upgrade to 6.0.20. For versions prior to 7.0.6, upgrade to 7.0.6.

Exploit

Fix

Allocation of Resources Without Limits

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-770

Related Identifiers

ALT-PU-2025-14099

CVE-2024-38535

GHSA-CG8J-7MWM-V563

MGASA-2024-0306

OPENSUSE-SU-2025:15394-1

ROSA-SA-2025-2578

Affected Products

Alt Linux

Debian

Suricata

PT-2024-28061 · Suricata+2 · Suricata+2

CVE-2024-38535

Weakness Enumeration

Related Identifiers

Affected Products

References · 54