CVE-2023-35853

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-35853
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-35853.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-35853
Downstream
Published
2023-06-19T04:15:11.287Z
Modified
2026-04-10T05:00:48.437146Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

In Suricata before 6.0.13, an adversary who controls an external source of Lua rules may be able to execute Lua code. This is addressed in 6.0.13 by disabling Lua unless allow-rules is true in the security lua configuration section.

References

Affected packages

Git / github.com/oisf/suricata

Affected ranges

Type
GIT
Repo
https://github.com/oisf/suricata
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
f09a6b562ec7f28f512e156d103284fa910307a1
Fixed
b95bbcc66db526ffcc880eb439dbe8abc87a81da
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "6.0.13"
        }
    ]
}

Affected versions

suricata-0.*
suricata-0.8.2
suricata-1.*
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
suricata-1.2
suricata-1.2.1
suricata-1.2beta1
suricata-1.2rc1
suricata-1.3
suricata-1.3.1
suricata-1.3beta1
suricata-1.3beta2
suricata-1.3rc1
suricata-1.4
suricata-1.4beta1
suricata-1.4beta2
suricata-1.4beta3
suricata-1.4rc1
suricata-2.*
suricata-2.0
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0.2
suricata-2.0beta1
suricata-2.0beta2
suricata-2.0rc1
suricata-2.0rc2
suricata-2.0rc3
suricata-2.1beta1
suricata-2.1beta2
suricata-2.1beta3
suricata-2.1beta4
suricata-3.*
suricata-3.0
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0RC1
suricata-3.0RC2
suricata-3.0RC3
suricata-3.1
suricata-3.1.1
suricata-3.1.2
suricata-3.1RC1
suricata-3.2
suricata-3.2.1
suricata-3.2RC1
suricata-3.2beta1
suricata-4.*
suricata-4.0.0
suricata-4.0.0-beta1
suricata-4.0.0-rc1
suricata-4.0.0-rc2
suricata-4.0.1
suricata-4.1.0
suricata-4.1.0-beta1
suricata-4.1.0-rc1
suricata-4.1.0-rc2
suricata-4.1.1
suricata-4.1.2
suricata-5.*
suricata-5.0.0
suricata-5.0.0-beta1
suricata-5.0.0-rc1
suricata-5.0.1
suricata-6.*
suricata-6.0.0
suricata-6.0.0-beta1
suricata-6.0.0-rc1
suricata-6.0.1
suricata-6.0.10
suricata-6.0.11
suricata-6.0.12
suricata-6.0.2
suricata-6.0.3
suricata-6.0.4
suricata-6.0.5
suricata-6.0.6
suricata-6.0.7
suricata-6.0.8
suricata-6.0.9

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-35853.json"