CVE-2024-38535 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
GitHub_M	CNA	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA-ADP	ADP	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 74%

Vendor	Product	Version
oisf	suricata	𝑥 < 6.0.20
oisf	suricata	7.0.0 ≤ 𝑥 < 7.0.6

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

suricata

bullseye	no-dsa
bookworm	no-dsa
bullseye (security)	vulnerable
sid	1:7.0.10-1 fixed
trixie	1:7.0.10-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

suricata

plucky	not-affected
oracular	not-affected
noble	needs-triage
jammy	needs-triage
focal	dne
bionic	needs-triage
xenial	needs-triage

Common Weakness Enumeration

CWE-770 - Allocation of Resources Without Limits or Throttling
The software allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

References

https://github.com/OISF/suricata/commit/62d5cac1b8483d5f9d2b79833a4e59f5d80129b7

https://github.com/OISF/suricata/commit/c82fa5ca0d1ce0bd8f936e0b860707a6571373b2

https://github.com/OISF/suricata/security/advisories/GHSA-cg8j-7mwm-v563

https://redmine.openinfosecfoundation.org/issues/7104

https://redmine.openinfosecfoundation.org/issues/7105

https://redmine.openinfosecfoundation.org/issues/7112

https://github.com/OISF/suricata/commit/62d5cac1b8483d5f9d2b79833a4e59f5d80129b7

https://github.com/OISF/suricata/commit/c82fa5ca0d1ce0bd8f936e0b860707a6571373b2

https://github.com/OISF/suricata/security/advisories/GHSA-cg8j-7mwm-v563

https://redmine.openinfosecfoundation.org/issues/7104

https://redmine.openinfosecfoundation.org/issues/7105

https://redmine.openinfosecfoundation.org/issues/7112