CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
10.3%
Suricata is a network Intrusion Detection System, Intrusion Prevention
System and Network Security Monitoring engine. Prior to version 7.0.3,
excessive memory use during pgsql parsing could lead to OOM-related
crashes. This vulnerability is patched in 7.0.3. As workaround, users can
disable the pgsql app layer parser.
github.com/OISF/suricata/commit/61a32360eba3c032de51029a05515ab46690286f (suricata-7.0.3)
github.com/OISF/suricata/commit/86de7cffa7e8f06fe9d600127e7dabe89c7e81dd
github.com/OISF/suricata/commit/86de7cffa7e8f06fe9d600127e7dabe89c7e81dd (master)
github.com/OISF/suricata/commit/b0d762d2675a2441b74e039d54bfa5b050641f8e (suricata-7.0.3)
github.com/OISF/suricata/commit/f52c033e566beafb4480c139eb18662a2870464f
github.com/OISF/suricata/commit/f52c033e566beafb4480c139eb18662a2870464f (master)
github.com/OISF/suricata/security/advisories/GHSA-8583-353f-mvwc
launchpad.net/bugs/cve/CVE-2024-23835
nvd.nist.gov/vuln/detail/CVE-2024-23835
redmine.openinfosecfoundation.org/issues/6411
security-tracker.debian.org/tracker/CVE-2024-23835
www.cve.org/CVERecord?id=CVE-2024-23835