Bug 2266170 (CVE-2024-24568) - CVE-2024-24568 suricata: potential bypass of rules inspecting HTTP2 headers
Summary: CVE-2024-24568 suricata: potential bypass of rules inspecting HTTP2 headers
Keywords:
Status: NEW
Alias: CVE-2024-24568
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2266171 2266172
Blocks:
Reported: 2024-02-26 20:38 UTC by Robb Gatica
Modified: 2024-02-26 20:39 UTC (History)
0 users

Fixed In Version: suricata 7.0.3
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Embargoed:


Description Robb Gatica 2024-02-26 20:38:46 UTC
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.3, the rules inspecting HTTP2 headers can get bypassed by crafted traffic. The vulnerability has been patched in 7.0.3.

https://github.com/OISF/suricata/commit/478a2a38f54e2ae235f8486bff87d7d66b6307f0
https://github.com/OISF/suricata/security/advisories/GHSA-gv29-5hqw-5h8c
https://redmine.openinfosecfoundation.org/issues/6717

Comment 1 Robb Gatica 2024-02-26 20:39:18 UTC
Created suricata tracking bugs for this issue:

Affects: epel-all [bug 2266171]
Affects: fedora-all [bug 2266172]

