Lucene search

Alpine Linux Development TeamALPINE:CVE-2024-32663

HistoryMay 07, 2024 - 3:15 p.m.

CVE-2024-32663

2024-05-0715:15:08

Alpine Linux Development Team

security.alpinelinux.org

suricata

network security

vulnerability

memory usage

http/2

patch

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.9

Confidence

Low

EPSS

Percentile

10.3%

JSON

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, a small amount of HTTP/2 traffic can lead to Suricata using a large amount of memory. The issue has been addressed in Suricata 7.0.5 and 6.0.19. Workarounds include disabling the HTTP/2 parser and reducing app-layer.protocols.http2.max-table-size value (default is 65536).

OSVersionArchitecturePackageVersionFilename
Alpine3.20-communitynoarchsuricata< 7.0.6-r0UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Alpine	3.20-community	noarch	suricata	< 7.0.6-r0	UNKNOWN

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.9

Confidence

Low

EPSS

Percentile

10.3%

JSON

Related for ALPINE:CVE-2024-32663