PT-2024-4845 · Suricata+2

Victor Julien · Published 2024-05-16 · Updated 2025-11-07 · CVE-2024-38536

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions: Suricata versions prior to 7.0.6
Description: A memory allocation failure caused by reaching the http.memcap limit leads to a NULL pointer dereference, resulting in a crash. A remote attacker can exploit this issue to cause a denial of service.
Recommendations: For versions prior to 7.0.6, upgrade to 7.0.6 to resolve the issue. As a temporary workaround, consider adjusting the http.memcap setting to prevent the memory allocation failure until a patch is applied. Restrict access to the Suricata engine to minimize the risk of exploitation.

Exploit

Fix

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

ALT-PU-2025-14099
BDU:2024-05369
CVE-2024-38536
GHSA-J32J-4W6G-94HH
MGASA-2024-0306
OPENSUSE-SU-2025:15394-1

Affected Products

Alt Linux
Debian
Suricata