Bug 2266170 (CVE-2024-24568)

Summary: CVE-2024-24568 suricata: potential bypass of rules inspecting HTTP2 headers
Product: [Other] Security Response
Reporter: Robb Gatica <rgatica>
Component: vulnerability
Assignee: Product Security <prodsec-ir-bot>
Status: NEW ---
QA Contact:
Severity: medium
Docs Contact:
Priority: medium
Version: unspecified
Keywords: Security
Target Milestone: ---
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version: suricata 7.0.3
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On: 2266171, 2266172
Bug Blocks:

Description Robb Gatica 2024-02-26 20:38:46 UTC
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.3, the rules inspecting HTTP2 headers can get bypassed by crafted traffic. The vulnerability has been patched in 7.0.3.

https://github.com/OISF/suricata/commit/478a2a38f54e2ae235f8486bff87d7d66b6307f0
https://github.com/OISF/suricata/security/advisories/GHSA-gv29-5hqw-5h8c
https://redmine.openinfosecfoundation.org/issues/6717

Comment 1 Robb Gatica 2024-02-26 20:39:18 UTC
Created suricata tracking bugs for this issue:

Affects: epel-all [bug 2266171]
Affects: fedora-all [bug 2266172]