Bug 2218779 (CVE-2023-35853) - CVE-2023-35853 suricata: an adversary who controls an external source of Lua rules may be able to execute Lua code
Summary: CVE-2023-35853 suricata: an adversary who controls an external source of Lua ...
Keywords:
Status: CLOSED UPSTREAM
Alias: CVE-2023-35853
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2218782 2218783
Blocks: 2215922
TreeView+ depends on / blocked
 
Reported: 2023-06-30 06:47 UTC by TEJ RATHI
Modified: 2023-07-04 07:45 UTC (History)
0 users

Fixed In Version: Suricata 6.0.13
Doc Type: ---
Doc Text:
OISF Suricata could allow a remote attacker to execute arbitrary code on the system, caused by improper validation of external source of Lua rules. By using specially crafted Lua rules, an attacker could exploit this vulnerability to execute arbitrary Lua code on the system.
Clone Of:
Environment:
Last Closed: 2023-07-04 07:45:04 UTC
Embargoed:

Attachments (Terms of Use)

Description TEJ RATHI 2023-06-30 06:47:52 UTC 
In Suricata before 6.0.13, an adversary who controls an external source of Lua rules may be able to execute Lua code. This is addressed in 6.0.13 by disabling Lua unless allow-rules is true in the security lua configuration section.

https://www.stamus-networks.com/stamus-labs
https://github.com/OISF/suricata/compare/suricata-6.0.12...suricata-6.0.13
https://github.com/OISF/suricata/commit/b95bbcc66db526ffcc880eb439dbe8abc87a81da
Comment 1 TEJ RATHI 2023-06-30 06:49:09 UTC 
Created suricata tracking bugs for this issue:

Affects: epel-all [bug 2218783]
Affects: fedora-all [bug 2218782]
Comment 2 Product Security DevOps Team 2023-07-04 07:45:03 UTC 
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.
Note You need to log in before you can comment on or make changes to this bug.