Bug 2218779 (CVE-2023-35853)
| Summary: | CVE-2023-35853 suricata: an adversary who controls an external source of Lua rules may be able to execute Lua code | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | TEJ RATHI <trathi> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED UPSTREAM | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | Keywords: | Security |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Suricata 6.0.13 | Doc Type: | --- |
| Doc Text: |
OISF Suricata could allow a remote attacker to execute arbitrary code on the system, caused by improper validation of external source of Lua rules. By using specially crafted Lua rules, an attacker could exploit this vulnerability to execute arbitrary Lua code on the system.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2023-07-04 07:45:04 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2218782, 2218783 | ||
| Bug Blocks: | 2215922 | ||
|
Description
TEJ RATHI
2023-06-30 06:47:52 UTC
Created suricata tracking bugs for this issue: Affects: epel-all [bug 2218783] Affects: fedora-all [bug 2218782] This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products. |