PT-2024-7006 · Suricata+2

Published 2024-09-23 · Updated 2025-11-07 · CVE-2024-47522

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Suricata versions prior to 7.0.7

Description

The issue is related to errors in checking the JA4 identifier, which provides information about the application protocol to be used between the client and server. Exploitation of this issue can allow a remote attacker to cause a denial of service by sending specially crafted TLS/QUIC traffic. The problem is associated with the operation of the ja4 fingerprinting engine.

Recommendations

For versions prior to 7.0.7, update to version 7.0.7 to resolve the issue. As a temporary workaround, consider disabling ja4 by setting app-layer.protocols.tls.ja3,4-fingerprints to no in the suricata.yaml configuration file.

Exploit

Fix

Assertion Failure


Weakness Enumeration

Related Identifiers

ALT-PU-2025-14099
BDU:2024-08255
CVE-2024-47522
GHSA-W5XV-6586-JPM7
OPENSUSE-SU-2025:15394-1

Affected Products

Alt Linux
Debian
Suricata