2297335 – (CVE-2024-38536) CVE-2024-38536 suricata: NULL pointer dereference when http.memcap is reached

Bug 2297335 (CVE-2024-38536) - CVE-2024-38536 suricata: NULL pointer dereference when http.memcap is reached

Summary: CVE-2024-38536 suricata: NULL pointer dereference when http.memcap is reached

Keywords:
Status:	NEW
Alias:	CVE-2024-38536
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2297347 2297349
Blocks:
TreeView+	depends on / blocked

Reported:	2024-07-11 15:21 UTC by OSIDB Bzimport
Modified:	2024-07-11 17:01 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2024-07-11 15:21:08 UTC

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. A memory allocation failure due to `http.memcap` being reached leads to a NULL-ptr reference leading to a crash. Upgrade to 7.0.6.

Comment 1 Robb Gatica 2024-07-11 16:23:20 UTC

References:
https://redmine.openinfosecfoundation.org/issues/7029
https://redmine.openinfosecfoundation.org/issues/7033
https://nvd.nist.gov/vuln/detail/CVE-2024-38536
https://github.com/OISF/suricata/security/advisories/GHSA-j32j-4w6g-94hh

Note You need to log in before you can comment on or make changes to this bug.