cve-2023-35852
Vulnerability from cvelistv5
Published
2023-06-19 00:00
Modified
2024-12-11 17:05
Severity ?
Summary
In Suricata before 6.0.13 (when there is an adversary who controls an external source of rules), a dataset filename, that comes from a rule, may trigger absolute or relative directory traversal, and lead to write access to a local filesystem. This is addressed in 6.0.13 by requiring allow-absolute-filenames and allow-write (in the datasets rules configuration section) if an installation requires traversal/writing in this situation.
References
cve@mitre.orghttps://github.com/OISF/suricata/commit/735f5aa9ca3b28cfacc7a443f93a44387fbacf17Patch
cve@mitre.orghttps://github.com/OISF/suricata/commit/aee1523b4591430ebed1ded0bb95508e6717a335Patch
cve@mitre.orghttps://github.com/OISF/suricata/compare/suricata-6.0.12...suricata-6.0.13Vendor Advisory
cve@mitre.orghttps://www.stamus-networks.com/stamus-labsNot Applicable
af854a3a-2127-422b-91ae-364da2661108https://github.com/OISF/suricata/commit/735f5aa9ca3b28cfacc7a443f93a44387fbacf17Patch
af854a3a-2127-422b-91ae-364da2661108https://github.com/OISF/suricata/commit/aee1523b4591430ebed1ded0bb95508e6717a335Patch
af854a3a-2127-422b-91ae-364da2661108https://github.com/OISF/suricata/compare/suricata-6.0.12...suricata-6.0.13Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.stamus-networks.com/stamus-labsNot Applicable
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T16:30:45.449Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/OISF/suricata/compare/suricata-6.0.12...suricata-6.0.13"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/OISF/suricata/commit/aee1523b4591430ebed1ded0bb95508e6717a335"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/OISF/suricata/commit/735f5aa9ca3b28cfacc7a443f93a44387fbacf17"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.stamus-networks.com/stamus-labs"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-35852",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-11T17:05:14.989150Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-11T17:05:39.191Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Suricata before 6.0.13 (when there is an adversary who controls an external source of rules), a dataset filename, that comes from a rule, may trigger absolute or relative directory traversal, and lead to write access to a local filesystem. This is addressed in 6.0.13 by requiring allow-absolute-filenames and allow-write (in the datasets rules configuration section) if an installation requires traversal/writing in this situation."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-19T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://github.com/OISF/suricata/compare/suricata-6.0.12...suricata-6.0.13"
        },
        {
          "url": "https://github.com/OISF/suricata/commit/aee1523b4591430ebed1ded0bb95508e6717a335"
        },
        {
          "url": "https://github.com/OISF/suricata/commit/735f5aa9ca3b28cfacc7a443f93a44387fbacf17"
        },
        {
          "url": "https://www.stamus-networks.com/stamus-labs"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-35852",
    "datePublished": "2023-06-19T00:00:00",
    "dateReserved": "2023-06-19T00:00:00",
    "dateUpdated": "2024-12-11T17:05:39.191Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"6.0.13\", \"matchCriteriaId\": \"1FDDE2F7-D633-4FBC-8EE1-6145A82AC02F\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"In Suricata before 6.0.13 (when there is an adversary who controls an external source of rules), a dataset filename, that comes from a rule, may trigger absolute or relative directory traversal, and lead to write access to a local filesystem. This is addressed in 6.0.13 by requiring allow-absolute-filenames and allow-write (in the datasets rules configuration section) if an installation requires traversal/writing in this situation.\"}, {\"lang\": \"es\", \"value\": \"En Suricata antes de la versi\\u00f3n 6.0.13 (cuando hay un adversario que controla una fuente externa de reglas), un nombre de archivo de conjunto de datos, que proviene de una regla, puede desencadenar el salto de directorios absolutos o relativos, y conducir al acceso de escritura a un sistema de archivos local. Esto se soluciona en 6.0.13 requiriendo \\\"allow-absolute-filenames\\\" y \\\"allow-write\\\" (en la secci\\u00f3n de configuraci\\u00f3n de reglas de conjuntos de datos) si una instalaci\\u00f3n requiere saltar/escribir en esta situaci\\u00f3n. \"}]",
      "id": "CVE-2023-35852",
      "lastModified": "2024-11-21T08:08:49.503",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}]}",
      "published": "2023-06-19T04:15:11.217",
      "references": "[{\"url\": \"https://github.com/OISF/suricata/commit/735f5aa9ca3b28cfacc7a443f93a44387fbacf17\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/OISF/suricata/commit/aee1523b4591430ebed1ded0bb95508e6717a335\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/OISF/suricata/compare/suricata-6.0.12...suricata-6.0.13\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.stamus-networks.com/stamus-labs\", \"source\": \"cve@mitre.org\", \"tags\": [\"Not Applicable\"]}, {\"url\": \"https://github.com/OISF/suricata/commit/735f5aa9ca3b28cfacc7a443f93a44387fbacf17\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/OISF/suricata/commit/aee1523b4591430ebed1ded0bb95508e6717a335\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/OISF/suricata/compare/suricata-6.0.12...suricata-6.0.13\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.stamus-networks.com/stamus-labs\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Not Applicable\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-22\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-35852\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2023-06-19T04:15:11.217\",\"lastModified\":\"2024-11-21T08:08:49.503\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In Suricata before 6.0.13 (when there is an adversary who controls an external source of rules), a dataset filename, that comes from a rule, may trigger absolute or relative directory traversal, and lead to write access to a local filesystem. This is addressed in 6.0.13 by requiring allow-absolute-filenames and allow-write (in the datasets rules configuration section) if an installation requires traversal/writing in this situation.\"},{\"lang\":\"es\",\"value\":\"En Suricata antes de la versi\u00f3n 6.0.13 (cuando hay un adversario que controla una fuente externa de reglas), un nombre de archivo de conjunto de datos, que proviene de una regla, puede desencadenar el salto de directorios absolutos o relativos, y conducir al acceso de escritura a un sistema de archivos local. Esto se soluciona en 6.0.13 requiriendo \\\"allow-absolute-filenames\\\" y \\\"allow-write\\\" (en la secci\u00f3n de configuraci\u00f3n de reglas de conjuntos de datos) si una instalaci\u00f3n requiere saltar/escribir en esta situaci\u00f3n. \"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.0.13\",\"matchCriteriaId\":\"1FDDE2F7-D633-4FBC-8EE1-6145A82AC02F\"}]}]}],\"references\":[{\"url\":\"https://github.com/OISF/suricata/commit/735f5aa9ca3b28cfacc7a443f93a44387fbacf17\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/OISF/suricata/commit/aee1523b4591430ebed1ded0bb95508e6717a335\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/OISF/suricata/compare/suricata-6.0.12...suricata-6.0.13\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.stamus-networks.com/stamus-labs\",\"source\":\"cve@mitre.org\",\"tags\":[\"Not Applicable\"]},{\"url\":\"https://github.com/OISF/suricata/commit/735f5aa9ca3b28cfacc7a443f93a44387fbacf17\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/OISF/suricata/commit/aee1523b4591430ebed1ded0bb95508e6717a335\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/OISF/suricata/compare/suricata-6.0.12...suricata-6.0.13\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.stamus-networks.com/stamus-labs\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Not Applicable\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/OISF/suricata/compare/suricata-6.0.12...suricata-6.0.13\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/OISF/suricata/commit/aee1523b4591430ebed1ded0bb95508e6717a335\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/OISF/suricata/commit/735f5aa9ca3b28cfacc7a443f93a44387fbacf17\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.stamus-networks.com/stamus-labs\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T16:30:45.449Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-35852\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-12-11T17:05:14.989150Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-12-11T17:05:31.897Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"https://github.com/OISF/suricata/compare/suricata-6.0.12...suricata-6.0.13\"}, {\"url\": \"https://github.com/OISF/suricata/commit/aee1523b4591430ebed1ded0bb95508e6717a335\"}, {\"url\": \"https://github.com/OISF/suricata/commit/735f5aa9ca3b28cfacc7a443f93a44387fbacf17\"}, {\"url\": \"https://www.stamus-networks.com/stamus-labs\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"In Suricata before 6.0.13 (when there is an adversary who controls an external source of rules), a dataset filename, that comes from a rule, may trigger absolute or relative directory traversal, and lead to write access to a local filesystem. This is addressed in 6.0.13 by requiring allow-absolute-filenames and allow-write (in the datasets rules configuration section) if an installation requires traversal/writing in this situation.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2023-06-19T00:00:00\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-35852\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-12-11T17:05:39.191Z\", \"dateReserved\": \"2023-06-19T00:00:00\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2023-06-19T00:00:00\", \"assignerShortName\": \"mitre\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.