Lucene search

[email protected]CVE-2023-35853

HistoryJun 19, 2023 - 4:15 a.m.

CVE-2023-35853

2023-06-1904:15:11

[email protected]

web.nvd.nist.gov

suricata

cve

2023

35853

lua

code execution

security vulnerability

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.9%

JSON

In Suricata before 6.0.13, an adversary who controls an external source of Lua rules may be able to execute Lua code. This is addressed in 6.0.13 by disabling Lua unless allow-rules is true in the security lua configuration section.

Affected configurations

NVD

Node

oisfsuricataRange<6.0.13

CPENameOperatorVersion
oisf:suricataoisf suricatalt6.0.13

CPE	Name	Operator	Version
oisf:suricata	oisf suricata	lt	6.0.13

References

github.com/OISF/suricata/commit/b95bbcc66db526ffcc880eb439dbe8abc87a81da

github.com/OISF/suricata/compare/suricata-6.0.12...suricata-6.0.13

www.stamus-networks.com/stamus-labs

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.9%

JSON

Related for CVE-2023-35853

alpinelinux1 debiancve1 nvd1 veracode1 ubuntucve1 osv1 cvelist1 prion1 rosalinux2 photon2