UBUNTU-CVE-2024-23839
- Source
- https://ubuntu.com/security/CVE-2024-23839
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-23839.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2024-23839
- Upstream
- Published
- 2024-02-26T16:27:00Z
- Modified
- 2025-07-14T06:46:38.123610Z
- Severity
-
- 7.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVSS Calculator
- 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- - medium
- Summary
- [none]
- Details
-
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.3, specially crafted traffic can cause a heap use after free if the ruleset uses the http.requestheader or http.responseheader keyword. The vulnerability has been patched in 7.0.3. To work around the vulnerability, avoid the http.requestheader and http.responseheader keywords.
- References
Affected packages
Ubuntu:Pro:16.04:LTS / suricata
Package
- Name
- suricata
- Purl
- pkg:deb/ubuntu/suricata@3.0-1?arch=source&distro=esm-apps/xenial
Ubuntu:Pro:18.04:LTS / suricata
Package
- Name
- suricata
- Purl
- pkg:deb/ubuntu/suricata@3.2-2ubuntu3?arch=source&distro=esm-apps/bionic
Ubuntu:22.04:LTS / suricata
Package
- Name
- suricata
- Purl
- pkg:deb/ubuntu/suricata@1:6.0.4-3?arch=source&distro=jammy
Ubuntu:24.04:LTS / suricata
Package
- Name
- suricata
- Purl
- pkg:deb/ubuntu/suricata@1:7.0.3-1build3?arch=source&distro=noble