cvelistv5 - cve-2024-23836

CVE-2024-23836 (GCVE-0-2024-23836)

Vulnerability from cvelistv5 – Published: 2024-02-26 15:44 – Updated: 2025-02-13 17:39

Summary

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to versions 6.0.16 and 7.0.3, an attacker can craft traffic to cause Suricata to use far more CPU and memory for processing the traffic than needed, which can lead to extreme slow downs and denial of service. This vulnerability is patched in 6.0.16 or 7.0.3. Workarounds include disabling the affected protocol app-layer parser in the yaml and reducing the `stream.reassembly.depth` value helps reduce the severity of the issue.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-770 - Allocation of Resources Without Limits or Throttling

Assigner

GitHub_M

References

URL

Tags

	https://github.com/OISF/suricata/security/advisor…	x_refsource_CONFIRM
	https://github.com/OISF/suricata/commit/18841a58d…	x_refsource_MISC
	https://github.com/OISF/suricata/commit/2a2120ecf…	x_refsource_MISC
	https://github.com/OISF/suricata/commit/83c5567ea…	x_refsource_MISC
	https://github.com/OISF/suricata/commit/8efaebe29…	x_refsource_MISC
	https://github.com/OISF/suricata/commit/97953998d…	x_refsource_MISC
	https://github.com/OISF/suricata/commit/b1549e930…	x_refsource_MISC
	https://github.com/OISF/suricata/commit/cd035d59e…	x_refsource_MISC
	https://github.com/OISF/suricata/commit/ce9b90326…	x_refsource_MISC
	https://github.com/OISF/suricata/commit/e7e28822f…	x_refsource_MISC
	https://github.com/OISF/suricata/commit/f9de1cca6…	x_refsource_MISC
	https://redmine.openinfosecfoundation.org/issues/6531	x_refsource_MISC
	https://redmine.openinfosecfoundation.org/issues/6532	x_refsource_MISC
	https://redmine.openinfosecfoundation.org/issues/6540	x_refsource_MISC
	https://redmine.openinfosecfoundation.org/issues/6658	x_refsource_MISC
	https://redmine.openinfosecfoundation.org/issues/6659	x_refsource_MISC
	https://redmine.openinfosecfoundation.org/issues/6660	x_refsource_MISC
	https://lists.fedoraproject.org/archives/list/pac…
	https://lists.fedoraproject.org/archives/list/pac…

Impacted products

	Vendor	Product	Version
	OISF	suricata	Affected: < 6.0.16 Affected: >= 7.0.0, < 7.0.3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-23836",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-07T14:33:18.701351Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:45:51.780Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T23:13:08.115Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/OISF/suricata/security/advisories/GHSA-q33q-45cr-3cpc",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/OISF/suricata/security/advisories/GHSA-q33q-45cr-3cpc"
          },
          {
            "name": "https://github.com/OISF/suricata/commit/18841a58da71e735ddf4e52cbfa6989755ecbeb7",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/OISF/suricata/commit/18841a58da71e735ddf4e52cbfa6989755ecbeb7"
          },
          {
            "name": "https://github.com/OISF/suricata/commit/2a2120ecf10c5b5713ec2bf59469fe57f7b5b747",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/OISF/suricata/commit/2a2120ecf10c5b5713ec2bf59469fe57f7b5b747"
          },
          {
            "name": "https://github.com/OISF/suricata/commit/83c5567ea7b0b28376f57dcfee9c6301448c7bc7",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/OISF/suricata/commit/83c5567ea7b0b28376f57dcfee9c6301448c7bc7"
          },
          {
            "name": "https://github.com/OISF/suricata/commit/8efaebe293e2a74c8e323fa85a6f5fadf82801bc",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/OISF/suricata/commit/8efaebe293e2a74c8e323fa85a6f5fadf82801bc"
          },
          {
            "name": "https://github.com/OISF/suricata/commit/97953998d2d60673ed6c30ddfb6a2d59b4230f97",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/OISF/suricata/commit/97953998d2d60673ed6c30ddfb6a2d59b4230f97"
          },
          {
            "name": "https://github.com/OISF/suricata/commit/b1549e930f6426eeff43f12b672337cbcda566b8",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/OISF/suricata/commit/b1549e930f6426eeff43f12b672337cbcda566b8"
          },
          {
            "name": "https://github.com/OISF/suricata/commit/cd035d59e3df157b606f4fe67324ea8e437be786",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/OISF/suricata/commit/cd035d59e3df157b606f4fe67324ea8e437be786"
          },
          {
            "name": "https://github.com/OISF/suricata/commit/ce9b90326949c94a46611d6394e28600ee5e8bd5",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/OISF/suricata/commit/ce9b90326949c94a46611d6394e28600ee5e8bd5"
          },
          {
            "name": "https://github.com/OISF/suricata/commit/e7e28822f473320658d6125f16ac3f0524baff01",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/OISF/suricata/commit/e7e28822f473320658d6125f16ac3f0524baff01"
          },
          {
            "name": "https://github.com/OISF/suricata/commit/f9de1cca6182e571f1c02387dca6e695e55608af",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/OISF/suricata/commit/f9de1cca6182e571f1c02387dca6e695e55608af"
          },
          {
            "name": "https://redmine.openinfosecfoundation.org/issues/6531",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://redmine.openinfosecfoundation.org/issues/6531"
          },
          {
            "name": "https://redmine.openinfosecfoundation.org/issues/6532",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://redmine.openinfosecfoundation.org/issues/6532"
          },
          {
            "name": "https://redmine.openinfosecfoundation.org/issues/6540",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://redmine.openinfosecfoundation.org/issues/6540"
          },
          {
            "name": "https://redmine.openinfosecfoundation.org/issues/6658",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://redmine.openinfosecfoundation.org/issues/6658"
          },
          {
            "name": "https://redmine.openinfosecfoundation.org/issues/6659",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://redmine.openinfosecfoundation.org/issues/6659"
          },
          {
            "name": "https://redmine.openinfosecfoundation.org/issues/6660",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://redmine.openinfosecfoundation.org/issues/6660"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GOCOBFUTIFHOP2PZOH4ENRFXRBHIRKK4/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXJIT7R53ZXROO3I256RFUWTIW4ECK6P/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "suricata",
          "vendor": "OISF",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 6.0.16"
            },
            {
              "status": "affected",
              "version": "\u003e= 7.0.0, \u003c 7.0.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to versions 6.0.16 and 7.0.3, an attacker can craft traffic to cause Suricata to use far more CPU and memory for processing the traffic than needed, which can lead to extreme slow downs and denial of service.  This vulnerability is patched in 6.0.16 or 7.0.3.  Workarounds include disabling the affected protocol app-layer parser in the yaml and reducing the `stream.reassembly.depth` value helps reduce the severity of the issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-770",
              "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-07T02:13:53.157Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/OISF/suricata/security/advisories/GHSA-q33q-45cr-3cpc",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/OISF/suricata/security/advisories/GHSA-q33q-45cr-3cpc"
        },
        {
          "name": "https://github.com/OISF/suricata/commit/18841a58da71e735ddf4e52cbfa6989755ecbeb7",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/OISF/suricata/commit/18841a58da71e735ddf4e52cbfa6989755ecbeb7"
        },
        {
          "name": "https://github.com/OISF/suricata/commit/2a2120ecf10c5b5713ec2bf59469fe57f7b5b747",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/OISF/suricata/commit/2a2120ecf10c5b5713ec2bf59469fe57f7b5b747"
        },
        {
          "name": "https://github.com/OISF/suricata/commit/83c5567ea7b0b28376f57dcfee9c6301448c7bc7",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/OISF/suricata/commit/83c5567ea7b0b28376f57dcfee9c6301448c7bc7"
        },
        {
          "name": "https://github.com/OISF/suricata/commit/8efaebe293e2a74c8e323fa85a6f5fadf82801bc",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/OISF/suricata/commit/8efaebe293e2a74c8e323fa85a6f5fadf82801bc"
        },
        {
          "name": "https://github.com/OISF/suricata/commit/97953998d2d60673ed6c30ddfb6a2d59b4230f97",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/OISF/suricata/commit/97953998d2d60673ed6c30ddfb6a2d59b4230f97"
        },
        {
          "name": "https://github.com/OISF/suricata/commit/b1549e930f6426eeff43f12b672337cbcda566b8",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/OISF/suricata/commit/b1549e930f6426eeff43f12b672337cbcda566b8"
        },
        {
          "name": "https://github.com/OISF/suricata/commit/cd035d59e3df157b606f4fe67324ea8e437be786",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/OISF/suricata/commit/cd035d59e3df157b606f4fe67324ea8e437be786"
        },
        {
          "name": "https://github.com/OISF/suricata/commit/ce9b90326949c94a46611d6394e28600ee5e8bd5",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/OISF/suricata/commit/ce9b90326949c94a46611d6394e28600ee5e8bd5"
        },
        {
          "name": "https://github.com/OISF/suricata/commit/e7e28822f473320658d6125f16ac3f0524baff01",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/OISF/suricata/commit/e7e28822f473320658d6125f16ac3f0524baff01"
        },
        {
          "name": "https://github.com/OISF/suricata/commit/f9de1cca6182e571f1c02387dca6e695e55608af",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/OISF/suricata/commit/f9de1cca6182e571f1c02387dca6e695e55608af"
        },
        {
          "name": "https://redmine.openinfosecfoundation.org/issues/6531",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://redmine.openinfosecfoundation.org/issues/6531"
        },
        {
          "name": "https://redmine.openinfosecfoundation.org/issues/6532",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://redmine.openinfosecfoundation.org/issues/6532"
        },
        {
          "name": "https://redmine.openinfosecfoundation.org/issues/6540",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://redmine.openinfosecfoundation.org/issues/6540"
        },
        {
          "name": "https://redmine.openinfosecfoundation.org/issues/6658",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://redmine.openinfosecfoundation.org/issues/6658"
        },
        {
          "name": "https://redmine.openinfosecfoundation.org/issues/6659",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://redmine.openinfosecfoundation.org/issues/6659"
        },
        {
          "name": "https://redmine.openinfosecfoundation.org/issues/6660",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://redmine.openinfosecfoundation.org/issues/6660"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GOCOBFUTIFHOP2PZOH4ENRFXRBHIRKK4/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXJIT7R53ZXROO3I256RFUWTIW4ECK6P/"
        }
      ],
      "source": {
        "advisory": "GHSA-q33q-45cr-3cpc",
        "discovery": "UNKNOWN"
      },
      "title": "crafted traffic can cause denial of service"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-23836",
    "datePublished": "2024-02-26T15:44:03.308Z",
    "dateReserved": "2024-01-22T22:23:54.340Z",
    "dateUpdated": "2025-02-13T17:39:55.194Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"6.0.16\", \"matchCriteriaId\": \"E9AB3B22-820A-45AE-A0F1-B07C53FEB22E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"7.0.0\", \"versionEndExcluding\": \"7.0.3\", \"matchCriteriaId\": \"8AD3DB8D-5FEF-43FD-8E47-5EF72479EF29\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CC559B26-5DFC-4B7A-A27C-B77DE755DFF9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to versions 6.0.16 and 7.0.3, an attacker can craft traffic to cause Suricata to use far more CPU and memory for processing the traffic than needed, which can lead to extreme slow downs and denial of service.  This vulnerability is patched in 6.0.16 or 7.0.3.  Workarounds include disabling the affected protocol app-layer parser in the yaml and reducing the `stream.reassembly.depth` value helps reduce the severity of the issue.\"}, {\"lang\": \"es\", \"value\": \"Suricata es un sistema de detecci\\u00f3n de intrusiones en la red, un sistema de prevenci\\u00f3n de intrusiones y un motor de monitoreo de seguridad de la red. Antes de las versiones 6.0.16 y 7.0.3, un atacante pod\\u00eda manipular el tr\\u00e1fico para hacer que Suricata utilizara mucha m\\u00e1s CPU y memoria de la necesaria para procesar el tr\\u00e1fico, lo que puede provocar ralentizaciones extremas y denegaci\\u00f3n de servicio. Esta vulnerabilidad est\\u00e1 parcheada en 6.0.16 o 7.0.3. Los workarounds incluyen deshabilitar el analizador de la capa de aplicaci\\u00f3n del protocolo afectado en el yaml y reducir el valor `stream.reassembly. Depth` ayuda a reducir la gravedad del problema.\"}]",
      "id": "CVE-2024-23836",
      "lastModified": "2024-12-19T19:26:20.673",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}]}",
      "published": "2024-02-26T16:27:57.693",
      "references": "[{\"url\": \"https://github.com/OISF/suricata/commit/18841a58da71e735ddf4e52cbfa6989755ecbeb7\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/OISF/suricata/commit/2a2120ecf10c5b5713ec2bf59469fe57f7b5b747\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/OISF/suricata/commit/83c5567ea7b0b28376f57dcfee9c6301448c7bc7\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/OISF/suricata/commit/8efaebe293e2a74c8e323fa85a6f5fadf82801bc\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/OISF/suricata/commit/97953998d2d60673ed6c30ddfb6a2d59b4230f97\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/OISF/suricata/commit/b1549e930f6426eeff43f12b672337cbcda566b8\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/OISF/suricata/commit/cd035d59e3df157b606f4fe67324ea8e437be786\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/OISF/suricata/commit/ce9b90326949c94a46611d6394e28600ee5e8bd5\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/OISF/suricata/commit/e7e28822f473320658d6125f16ac3f0524baff01\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/OISF/suricata/commit/f9de1cca6182e571f1c02387dca6e695e55608af\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/OISF/suricata/security/advisories/GHSA-q33q-45cr-3cpc\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GOCOBFUTIFHOP2PZOH4ENRFXRBHIRKK4/\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXJIT7R53ZXROO3I256RFUWTIW4ECK6P/\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://redmine.openinfosecfoundation.org/issues/6531\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://redmine.openinfosecfoundation.org/issues/6532\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://redmine.openinfosecfoundation.org/issues/6540\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://redmine.openinfosecfoundation.org/issues/6658\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://redmine.openinfosecfoundation.org/issues/6659\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://redmine.openinfosecfoundation.org/issues/6660\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://github.com/OISF/suricata/commit/18841a58da71e735ddf4e52cbfa6989755ecbeb7\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/OISF/suricata/commit/2a2120ecf10c5b5713ec2bf59469fe57f7b5b747\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/OISF/suricata/commit/83c5567ea7b0b28376f57dcfee9c6301448c7bc7\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/OISF/suricata/commit/8efaebe293e2a74c8e323fa85a6f5fadf82801bc\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/OISF/suricata/commit/97953998d2d60673ed6c30ddfb6a2d59b4230f97\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/OISF/suricata/commit/b1549e930f6426eeff43f12b672337cbcda566b8\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/OISF/suricata/commit/cd035d59e3df157b606f4fe67324ea8e437be786\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/OISF/suricata/commit/ce9b90326949c94a46611d6394e28600ee5e8bd5\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/OISF/suricata/commit/e7e28822f473320658d6125f16ac3f0524baff01\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/OISF/suricata/commit/f9de1cca6182e571f1c02387dca6e695e55608af\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/OISF/suricata/security/advisories/GHSA-q33q-45cr-3cpc\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GOCOBFUTIFHOP2PZOH4ENRFXRBHIRKK4/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXJIT7R53ZXROO3I256RFUWTIW4ECK6P/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://redmine.openinfosecfoundation.org/issues/6531\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://redmine.openinfosecfoundation.org/issues/6532\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://redmine.openinfosecfoundation.org/issues/6540\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://redmine.openinfosecfoundation.org/issues/6658\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://redmine.openinfosecfoundation.org/issues/6659\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://redmine.openinfosecfoundation.org/issues/6660\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}]",
      "sourceIdentifier": "security-advisories@github.com",
      "vulnStatus": "Analyzed",
      "weaknesses": "[{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-770\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-770\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-23836\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2024-02-26T16:27:57.693\",\"lastModified\":\"2024-12-19T19:26:20.673\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to versions 6.0.16 and 7.0.3, an attacker can craft traffic to cause Suricata to use far more CPU and memory for processing the traffic than needed, which can lead to extreme slow downs and denial of service.  This vulnerability is patched in 6.0.16 or 7.0.3.  Workarounds include disabling the affected protocol app-layer parser in the yaml and reducing the `stream.reassembly.depth` value helps reduce the severity of the issue.\"},{\"lang\":\"es\",\"value\":\"Suricata es un sistema de detecci\u00f3n de intrusiones en la red, un sistema de prevenci\u00f3n de intrusiones y un motor de monitoreo de seguridad de la red. Antes de las versiones 6.0.16 y 7.0.3, un atacante pod\u00eda manipular el tr\u00e1fico para hacer que Suricata utilizara mucha m\u00e1s CPU y memoria de la necesaria para procesar el tr\u00e1fico, lo que puede provocar ralentizaciones extremas y denegaci\u00f3n de servicio. Esta vulnerabilidad est\u00e1 parcheada en 6.0.16 o 7.0.3. Los workarounds incluyen deshabilitar el analizador de la capa de aplicaci\u00f3n del protocolo afectado en el yaml y reducir el valor `stream.reassembly. Depth` ayuda a reducir la gravedad del problema.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-770\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-770\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.0.16\",\"matchCriteriaId\":\"E9AB3B22-820A-45AE-A0F1-B07C53FEB22E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.0.0\",\"versionEndExcluding\":\"7.0.3\",\"matchCriteriaId\":\"8AD3DB8D-5FEF-43FD-8E47-5EF72479EF29\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC559B26-5DFC-4B7A-A27C-B77DE755DFF9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646\"}]}]}],\"references\":[{\"url\":\"https://github.com/OISF/suricata/commit/18841a58da71e735ddf4e52cbfa6989755ecbeb7\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/OISF/suricata/commit/2a2120ecf10c5b5713ec2bf59469fe57f7b5b747\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/OISF/suricata/commit/83c5567ea7b0b28376f57dcfee9c6301448c7bc7\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/OISF/suricata/commit/8efaebe293e2a74c8e323fa85a6f5fadf82801bc\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/OISF/suricata/commit/97953998d2d60673ed6c30ddfb6a2d59b4230f97\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/OISF/suricata/commit/b1549e930f6426eeff43f12b672337cbcda566b8\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/OISF/suricata/commit/cd035d59e3df157b606f4fe67324ea8e437be786\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/OISF/suricata/commit/ce9b90326949c94a46611d6394e28600ee5e8bd5\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/OISF/suricata/commit/e7e28822f473320658d6125f16ac3f0524baff01\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/OISF/suricata/commit/f9de1cca6182e571f1c02387dca6e695e55608af\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/OISF/suricata/security/advisories/GHSA-q33q-45cr-3cpc\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GOCOBFUTIFHOP2PZOH4ENRFXRBHIRKK4/\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXJIT7R53ZXROO3I256RFUWTIW4ECK6P/\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://redmine.openinfosecfoundation.org/issues/6531\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://redmine.openinfosecfoundation.org/issues/6532\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://redmine.openinfosecfoundation.org/issues/6540\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://redmine.openinfosecfoundation.org/issues/6658\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://redmine.openinfosecfoundation.org/issues/6659\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://redmine.openinfosecfoundation.org/issues/6660\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/OISF/suricata/commit/18841a58da71e735ddf4e52cbfa6989755ecbeb7\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/OISF/suricata/commit/2a2120ecf10c5b5713ec2bf59469fe57f7b5b747\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/OISF/suricata/commit/83c5567ea7b0b28376f57dcfee9c6301448c7bc7\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/OISF/suricata/commit/8efaebe293e2a74c8e323fa85a6f5fadf82801bc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/OISF/suricata/commit/97953998d2d60673ed6c30ddfb6a2d59b4230f97\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/OISF/suricata/commit/b1549e930f6426eeff43f12b672337cbcda566b8\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/OISF/suricata/commit/cd035d59e3df157b606f4fe67324ea8e437be786\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/OISF/suricata/commit/ce9b90326949c94a46611d6394e28600ee5e8bd5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/OISF/suricata/commit/e7e28822f473320658d6125f16ac3f0524baff01\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/OISF/suricata/commit/f9de1cca6182e571f1c02387dca6e695e55608af\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/OISF/suricata/security/advisories/GHSA-q33q-45cr-3cpc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GOCOBFUTIFHOP2PZOH4ENRFXRBHIRKK4/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXJIT7R53ZXROO3I256RFUWTIW4ECK6P/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://redmine.openinfosecfoundation.org/issues/6531\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://redmine.openinfosecfoundation.org/issues/6532\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://redmine.openinfosecfoundation.org/issues/6540\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://redmine.openinfosecfoundation.org/issues/6658\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://redmine.openinfosecfoundation.org/issues/6659\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://redmine.openinfosecfoundation.org/issues/6660\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/OISF/suricata/security/advisories/GHSA-q33q-45cr-3cpc\", \"name\": \"https://github.com/OISF/suricata/security/advisories/GHSA-q33q-45cr-3cpc\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://github.com/OISF/suricata/commit/18841a58da71e735ddf4e52cbfa6989755ecbeb7\", \"name\": \"https://github.com/OISF/suricata/commit/18841a58da71e735ddf4e52cbfa6989755ecbeb7\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/OISF/suricata/commit/2a2120ecf10c5b5713ec2bf59469fe57f7b5b747\", \"name\": \"https://github.com/OISF/suricata/commit/2a2120ecf10c5b5713ec2bf59469fe57f7b5b747\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/OISF/suricata/commit/83c5567ea7b0b28376f57dcfee9c6301448c7bc7\", \"name\": \"https://github.com/OISF/suricata/commit/83c5567ea7b0b28376f57dcfee9c6301448c7bc7\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/OISF/suricata/commit/8efaebe293e2a74c8e323fa85a6f5fadf82801bc\", \"name\": \"https://github.com/OISF/suricata/commit/8efaebe293e2a74c8e323fa85a6f5fadf82801bc\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/OISF/suricata/commit/97953998d2d60673ed6c30ddfb6a2d59b4230f97\", \"name\": \"https://github.com/OISF/suricata/commit/97953998d2d60673ed6c30ddfb6a2d59b4230f97\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/OISF/suricata/commit/b1549e930f6426eeff43f12b672337cbcda566b8\", \"name\": \"https://github.com/OISF/suricata/commit/b1549e930f6426eeff43f12b672337cbcda566b8\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/OISF/suricata/commit/cd035d59e3df157b606f4fe67324ea8e437be786\", \"name\": \"https://github.com/OISF/suricata/commit/cd035d59e3df157b606f4fe67324ea8e437be786\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/OISF/suricata/commit/ce9b90326949c94a46611d6394e28600ee5e8bd5\", \"name\": \"https://github.com/OISF/suricata/commit/ce9b90326949c94a46611d6394e28600ee5e8bd5\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/OISF/suricata/commit/e7e28822f473320658d6125f16ac3f0524baff01\", \"name\": \"https://github.com/OISF/suricata/commit/e7e28822f473320658d6125f16ac3f0524baff01\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/OISF/suricata/commit/f9de1cca6182e571f1c02387dca6e695e55608af\", \"name\": \"https://github.com/OISF/suricata/commit/f9de1cca6182e571f1c02387dca6e695e55608af\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://redmine.openinfosecfoundation.org/issues/6531\", \"name\": \"https://redmine.openinfosecfoundation.org/issues/6531\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://redmine.openinfosecfoundation.org/issues/6532\", \"name\": \"https://redmine.openinfosecfoundation.org/issues/6532\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://redmine.openinfosecfoundation.org/issues/6540\", \"name\": \"https://redmine.openinfosecfoundation.org/issues/6540\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://redmine.openinfosecfoundation.org/issues/6658\", \"name\": \"https://redmine.openinfosecfoundation.org/issues/6658\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://redmine.openinfosecfoundation.org/issues/6659\", \"name\": \"https://redmine.openinfosecfoundation.org/issues/6659\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://redmine.openinfosecfoundation.org/issues/6660\", \"name\": \"https://redmine.openinfosecfoundation.org/issues/6660\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GOCOBFUTIFHOP2PZOH4ENRFXRBHIRKK4/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXJIT7R53ZXROO3I256RFUWTIW4ECK6P/\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T23:13:08.115Z\"}}, {\"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-23836\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-03-07T14:33:18.701351Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-05-23T19:01:16.300Z\"}, \"title\": \"CISA ADP Vulnrichment\"}], \"cna\": {\"title\": \"crafted traffic can cause denial of service\", \"source\": {\"advisory\": \"GHSA-q33q-45cr-3cpc\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"OISF\", \"product\": \"suricata\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 6.0.16\"}, {\"status\": \"affected\", \"version\": \"\u003e= 7.0.0, \u003c 7.0.3\"}]}], \"references\": [{\"url\": \"https://github.com/OISF/suricata/security/advisories/GHSA-q33q-45cr-3cpc\", \"name\": \"https://github.com/OISF/suricata/security/advisories/GHSA-q33q-45cr-3cpc\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/OISF/suricata/commit/18841a58da71e735ddf4e52cbfa6989755ecbeb7\", \"name\": \"https://github.com/OISF/suricata/commit/18841a58da71e735ddf4e52cbfa6989755ecbeb7\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/OISF/suricata/commit/2a2120ecf10c5b5713ec2bf59469fe57f7b5b747\", \"name\": \"https://github.com/OISF/suricata/commit/2a2120ecf10c5b5713ec2bf59469fe57f7b5b747\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/OISF/suricata/commit/83c5567ea7b0b28376f57dcfee9c6301448c7bc7\", \"name\": \"https://github.com/OISF/suricata/commit/83c5567ea7b0b28376f57dcfee9c6301448c7bc7\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/OISF/suricata/commit/8efaebe293e2a74c8e323fa85a6f5fadf82801bc\", \"name\": \"https://github.com/OISF/suricata/commit/8efaebe293e2a74c8e323fa85a6f5fadf82801bc\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/OISF/suricata/commit/97953998d2d60673ed6c30ddfb6a2d59b4230f97\", \"name\": \"https://github.com/OISF/suricata/commit/97953998d2d60673ed6c30ddfb6a2d59b4230f97\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/OISF/suricata/commit/b1549e930f6426eeff43f12b672337cbcda566b8\", \"name\": \"https://github.com/OISF/suricata/commit/b1549e930f6426eeff43f12b672337cbcda566b8\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/OISF/suricata/commit/cd035d59e3df157b606f4fe67324ea8e437be786\", \"name\": \"https://github.com/OISF/suricata/commit/cd035d59e3df157b606f4fe67324ea8e437be786\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/OISF/suricata/commit/ce9b90326949c94a46611d6394e28600ee5e8bd5\", \"name\": \"https://github.com/OISF/suricata/commit/ce9b90326949c94a46611d6394e28600ee5e8bd5\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/OISF/suricata/commit/e7e28822f473320658d6125f16ac3f0524baff01\", \"name\": \"https://github.com/OISF/suricata/commit/e7e28822f473320658d6125f16ac3f0524baff01\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/OISF/suricata/commit/f9de1cca6182e571f1c02387dca6e695e55608af\", \"name\": \"https://github.com/OISF/suricata/commit/f9de1cca6182e571f1c02387dca6e695e55608af\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://redmine.openinfosecfoundation.org/issues/6531\", \"name\": \"https://redmine.openinfosecfoundation.org/issues/6531\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://redmine.openinfosecfoundation.org/issues/6532\", \"name\": \"https://redmine.openinfosecfoundation.org/issues/6532\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://redmine.openinfosecfoundation.org/issues/6540\", \"name\": \"https://redmine.openinfosecfoundation.org/issues/6540\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://redmine.openinfosecfoundation.org/issues/6658\", \"name\": \"https://redmine.openinfosecfoundation.org/issues/6658\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://redmine.openinfosecfoundation.org/issues/6659\", \"name\": \"https://redmine.openinfosecfoundation.org/issues/6659\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://redmine.openinfosecfoundation.org/issues/6660\", \"name\": \"https://redmine.openinfosecfoundation.org/issues/6660\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GOCOBFUTIFHOP2PZOH4ENRFXRBHIRKK4/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXJIT7R53ZXROO3I256RFUWTIW4ECK6P/\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to versions 6.0.16 and 7.0.3, an attacker can craft traffic to cause Suricata to use far more CPU and memory for processing the traffic than needed, which can lead to extreme slow downs and denial of service.  This vulnerability is patched in 6.0.16 or 7.0.3.  Workarounds include disabling the affected protocol app-layer parser in the yaml and reducing the `stream.reassembly.depth` value helps reduce the severity of the issue.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-770\", \"description\": \"CWE-770: Allocation of Resources Without Limits or Throttling\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2024-02-26T15:44:03.308Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-23836\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-01T23:13:08.115Z\", \"dateReserved\": \"2024-01-22T22:23:54.340Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2024-02-26T15:44:03.308Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

OPENSUSE-SU-2025:15394-1

Vulnerability from csaf_opensuse - Published: 2025-07-28 00:00 - Updated: 2025-07-28 00:00

Summary

libsuricata8_0_0-8.0.0-1.1 on GA media

Notes

Title of the patch

libsuricata8_0_0-8.0.0-1.1 on GA media

Description of the patch

These are all security issues fixed in the libsuricata8_0_0-8.0.0-1.1 package on the GA media of openSUSE Tumbleweed.

Patchnames

openSUSE-Tumbleweed-2025-15394

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "libsuricata8_0_0-8.0.0-1.1 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the libsuricata8_0_0-8.0.0-1.1 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2025-15394",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15394-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-10728 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-10728/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-14568 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-14568/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-10050 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-10050/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-10053 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-10053/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-23835 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-23835/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-23836 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-23836/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-23839 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-23839/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-24568 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-24568/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-32663 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-32663/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-32664 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-32664/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-32867 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-32867/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-37151 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-37151/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-38534 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-38534/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-38535 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-38535/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-38536 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-38536/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-45795 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-45795/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-45796 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-45796/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-45797 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-45797/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-47187 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-47187/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-47188 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-47188/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-47522 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-47522/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-55605 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-55605/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-55626 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-55626/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-55627 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-55627/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-55628 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-55628/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-55629 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-55629/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-29915 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-29915/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-29916 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-29916/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-29917 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-29917/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-29918 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-29918/"
      }
    ],
    "title": "libsuricata8_0_0-8.0.0-1.1 on GA media",
    "tracking": {
      "current_release_date": "2025-07-28T00:00:00Z",
      "generator": {
        "date": "2025-07-28T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2025:15394-1",
      "initial_release_date": "2025-07-28T00:00:00Z",
      "revision_history": [
        {
          "date": "2025-07-28T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libsuricata8_0_0-8.0.0-1.1.aarch64",
                "product": {
                  "name": "libsuricata8_0_0-8.0.0-1.1.aarch64",
                  "product_id": "libsuricata8_0_0-8.0.0-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "suricata-8.0.0-1.1.aarch64",
                "product": {
                  "name": "suricata-8.0.0-1.1.aarch64",
                  "product_id": "suricata-8.0.0-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "suricata-devel-8.0.0-1.1.aarch64",
                "product": {
                  "name": "suricata-devel-8.0.0-1.1.aarch64",
                  "product_id": "suricata-devel-8.0.0-1.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libsuricata8_0_0-8.0.0-1.1.ppc64le",
                "product": {
                  "name": "libsuricata8_0_0-8.0.0-1.1.ppc64le",
                  "product_id": "libsuricata8_0_0-8.0.0-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "suricata-8.0.0-1.1.ppc64le",
                "product": {
                  "name": "suricata-8.0.0-1.1.ppc64le",
                  "product_id": "suricata-8.0.0-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "suricata-devel-8.0.0-1.1.ppc64le",
                "product": {
                  "name": "suricata-devel-8.0.0-1.1.ppc64le",
                  "product_id": "suricata-devel-8.0.0-1.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libsuricata8_0_0-8.0.0-1.1.s390x",
                "product": {
                  "name": "libsuricata8_0_0-8.0.0-1.1.s390x",
                  "product_id": "libsuricata8_0_0-8.0.0-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "suricata-8.0.0-1.1.s390x",
                "product": {
                  "name": "suricata-8.0.0-1.1.s390x",
                  "product_id": "suricata-8.0.0-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "suricata-devel-8.0.0-1.1.s390x",
                "product": {
                  "name": "suricata-devel-8.0.0-1.1.s390x",
                  "product_id": "suricata-devel-8.0.0-1.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libsuricata8_0_0-8.0.0-1.1.x86_64",
                "product": {
                  "name": "libsuricata8_0_0-8.0.0-1.1.x86_64",
                  "product_id": "libsuricata8_0_0-8.0.0-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "suricata-8.0.0-1.1.x86_64",
                "product": {
                  "name": "suricata-8.0.0-1.1.x86_64",
                  "product_id": "suricata-8.0.0-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "suricata-devel-8.0.0-1.1.x86_64",
                "product": {
                  "name": "suricata-devel-8.0.0-1.1.x86_64",
                  "product_id": "suricata-devel-8.0.0-1.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libsuricata8_0_0-8.0.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.aarch64"
        },
        "product_reference": "libsuricata8_0_0-8.0.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libsuricata8_0_0-8.0.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.ppc64le"
        },
        "product_reference": "libsuricata8_0_0-8.0.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libsuricata8_0_0-8.0.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.s390x"
        },
        "product_reference": "libsuricata8_0_0-8.0.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libsuricata8_0_0-8.0.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.x86_64"
        },
        "product_reference": "libsuricata8_0_0-8.0.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "suricata-8.0.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:suricata-8.0.0-1.1.aarch64"
        },
        "product_reference": "suricata-8.0.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "suricata-8.0.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:suricata-8.0.0-1.1.ppc64le"
        },
        "product_reference": "suricata-8.0.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "suricata-8.0.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:suricata-8.0.0-1.1.s390x"
        },
        "product_reference": "suricata-8.0.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "suricata-8.0.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:suricata-8.0.0-1.1.x86_64"
        },
        "product_reference": "suricata-8.0.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "suricata-devel-8.0.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.aarch64"
        },
        "product_reference": "suricata-devel-8.0.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "suricata-devel-8.0.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.ppc64le"
        },
        "product_reference": "suricata-devel-8.0.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "suricata-devel-8.0.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.s390x"
        },
        "product_reference": "suricata-devel-8.0.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "suricata-devel-8.0.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.x86_64"
        },
        "product_reference": "suricata-devel-8.0.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2016-10728",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-10728"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in Suricata before 3.1.2. If an ICMPv4 error packet is received as the first packet on a flow in the to_client direction, it confuses the rule grouping lookup logic. The toclient inspection will then continue with the wrong rule group. This can lead to missed detection.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.aarch64",
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.s390x",
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.x86_64",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.aarch64",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.ppc64le",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.s390x",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.x86_64",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.aarch64",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.ppc64le",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.s390x",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-10728",
          "url": "https://www.suse.com/security/cve/CVE-2016-10728"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1102402 for CVE-2016-10728",
          "url": "https://bugzilla.suse.com/1102402"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-07-28T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2016-10728"
    },
    {
      "cve": "CVE-2018-14568",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-14568"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Suricata before 4.0.5 stops TCP stream inspection upon a TCP RST from a server. This allows detection bypass because Windows TCP clients proceed with normal processing of TCP data that arrives shortly after an RST (i.e., they act as if the RST had not yet been received).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.aarch64",
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.s390x",
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.x86_64",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.aarch64",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.ppc64le",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.s390x",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.x86_64",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.aarch64",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.ppc64le",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.s390x",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-14568",
          "url": "https://www.suse.com/security/cve/CVE-2018-14568"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1102334 for CVE-2018-14568",
          "url": "https://bugzilla.suse.com/1102334"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-07-28T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-14568"
    },
    {
      "cve": "CVE-2019-10050",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-10050"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A buffer over-read issue was discovered in Suricata 4.1.x before 4.1.4. If the input of the decode-mpls.c function DecodeMPLS is composed only of a packet of source address and destination address plus the correct type field and the right number for shim, an attacker can manipulate the control flow, such that the condition to leave the loop is true. After leaving the loop, the network packet has a length of 2 bytes. There is no validation of this length. Later on, the code tries to read at an empty position, leading to a crash.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.aarch64",
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.s390x",
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.x86_64",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.aarch64",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.ppc64le",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.s390x",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.x86_64",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.aarch64",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.ppc64le",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.s390x",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-10050",
          "url": "https://www.suse.com/security/cve/CVE-2019-10050"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1134991 for CVE-2019-10050",
          "url": "https://bugzilla.suse.com/1134991"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-07-28T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-10050"
    },
    {
      "cve": "CVE-2019-10053",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-10053"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in Suricata 4.1.x before 4.1.4. If the input of the function SSHParseBanner is composed only of a \\n character, then the program runs into a heap-based buffer over-read. This occurs because the erroneous search for \\r results in an integer underflow.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.aarch64",
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.s390x",
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.x86_64",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.aarch64",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.ppc64le",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.s390x",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.x86_64",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.aarch64",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.ppc64le",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.s390x",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-10053",
          "url": "https://www.suse.com/security/cve/CVE-2019-10053"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1134993 for CVE-2019-10053",
          "url": "https://bugzilla.suse.com/1134993"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-07-28T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-10053"
    },
    {
      "cve": "CVE-2024-23835",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-23835"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine.  Prior to version 7.0.3, excessive memory use during pgsql parsing could lead to OOM-related crashes.  This vulnerability is patched in 7.0.3.  As workaround, users can disable the pgsql app layer parser.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.aarch64",
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.s390x",
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.x86_64",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.aarch64",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.ppc64le",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.s390x",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.x86_64",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.aarch64",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.ppc64le",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.s390x",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-23835",
          "url": "https://www.suse.com/security/cve/CVE-2024-23835"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-07-28T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-23835"
    },
    {
      "cve": "CVE-2024-23836",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-23836"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to versions 6.0.16 and 7.0.3, an attacker can craft traffic to cause Suricata to use far more CPU and memory for processing the traffic than needed, which can lead to extreme slow downs and denial of service.  This vulnerability is patched in 6.0.16 or 7.0.3.  Workarounds include disabling the affected protocol app-layer parser in the yaml and reducing the `stream.reassembly.depth` value helps reduce the severity of the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.aarch64",
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.s390x",
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.x86_64",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.aarch64",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.ppc64le",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.s390x",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.x86_64",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.aarch64",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.ppc64le",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.s390x",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-23836",
          "url": "https://www.suse.com/security/cve/CVE-2024-23836"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-07-28T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-23836"
    },
    {
      "cve": "CVE-2024-23839",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-23839"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine.  Prior to 7.0.3, specially crafted traffic can cause a heap use after free if the ruleset uses the http.request_header or http.response_header keyword.  The vulnerability has been patched in 7.0.3.  To work around the vulnerability, avoid the http.request_header and http.response_header keywords.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.aarch64",
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.s390x",
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.x86_64",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.aarch64",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.ppc64le",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.s390x",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.x86_64",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.aarch64",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.ppc64le",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.s390x",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-23839",
          "url": "https://www.suse.com/security/cve/CVE-2024-23839"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-07-28T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-23839"
    },
    {
      "cve": "CVE-2024-24568",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-24568"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine.  Prior to 7.0.3, the rules inspecting HTTP2 headers can get bypassed by crafted traffic. The vulnerability has been patched in 7.0.3.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.aarch64",
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.s390x",
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.x86_64",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.aarch64",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.ppc64le",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.s390x",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.x86_64",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.aarch64",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.ppc64le",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.s390x",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-24568",
          "url": "https://www.suse.com/security/cve/CVE-2024-24568"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-07-28T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-24568"
    },
    {
      "cve": "CVE-2024-32663",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-32663"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, a small amount of HTTP/2 traffic can lead to Suricata using a large amount of memory. The issue has been addressed in Suricata 7.0.5 and 6.0.19. Workarounds include disabling the HTTP/2 parser and reducing `app-layer.protocols.http2.max-table-size` value (default is 65536).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.aarch64",
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.s390x",
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.x86_64",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.aarch64",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.ppc64le",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.s390x",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.x86_64",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.aarch64",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.ppc64le",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.s390x",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-32663",
          "url": "https://www.suse.com/security/cve/CVE-2024-32663"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-07-28T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-32663"
    },
    {
      "cve": "CVE-2024-32664",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-32664"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, specially crafted traffic or datasets can cause a limited buffer overflow. This vulnerability is fixed in 7.0.5 and 6.0.19. Workarounds include not use rules with `base64_decode` keyword with `bytes` option with value 1, 2 or 5 and for 7.0.x, setting `app-layer.protocols.smtp.mime.body-md5` to false.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.aarch64",
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.s390x",
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.x86_64",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.aarch64",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.ppc64le",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.s390x",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.x86_64",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.aarch64",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.ppc64le",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.s390x",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-32664",
          "url": "https://www.suse.com/security/cve/CVE-2024-32664"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-07-28T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-32664"
    },
    {
      "cve": "CVE-2024-32867",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-32867"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, various problems in handling of fragmentation anomalies can lead to mis-detection of rules and policy. This vulnerability is fixed in 7.0.5 or 6.0.19.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.aarch64",
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.s390x",
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.x86_64",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.aarch64",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.ppc64le",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.s390x",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.x86_64",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.aarch64",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.ppc64le",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.s390x",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-32867",
          "url": "https://www.suse.com/security/cve/CVE-2024-32867"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-07-28T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-32867"
    },
    {
      "cve": "CVE-2024-37151",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-37151"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. \nMishandling of multiple fragmented packets using the same IP ID value can lead to packet reassembly failure, which can lead to policy bypass. Upgrade to 7.0.6 or 6.0.20. When using af-packet, enable `defrag` to reduce the scope of the problem.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.aarch64",
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.s390x",
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.x86_64",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.aarch64",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.ppc64le",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.s390x",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.x86_64",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.aarch64",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.ppc64le",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.s390x",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-37151",
          "url": "https://www.suse.com/security/cve/CVE-2024-37151"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-07-28T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-37151"
    },
    {
      "cve": "CVE-2024-38534",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-38534"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Crafted modbus traffic can lead to unlimited resource accumulation within a flow. Upgrade to 7.0.6. Set a limited stream.reassembly.depth to reduce the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.aarch64",
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.s390x",
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.x86_64",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.aarch64",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.ppc64le",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.s390x",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.x86_64",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.aarch64",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.ppc64le",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.s390x",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-38534",
          "url": "https://www.suse.com/security/cve/CVE-2024-38534"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-07-28T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-38534"
    },
    {
      "cve": "CVE-2024-38535",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-38535"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Suricata can run out of memory when parsing crafted HTTP/2 traffic. Upgrade to 6.0.20 or 7.0.6.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.aarch64",
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.s390x",
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.x86_64",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.aarch64",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.ppc64le",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.s390x",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.x86_64",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.aarch64",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.ppc64le",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.s390x",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-38535",
          "url": "https://www.suse.com/security/cve/CVE-2024-38535"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-07-28T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-38535"
    },
    {
      "cve": "CVE-2024-38536",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-38536"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. A memory allocation failure due to `http.memcap` being reached leads to a NULL-ptr reference leading to a crash. Upgrade to 7.0.6.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.aarch64",
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.s390x",
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.x86_64",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.aarch64",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.ppc64le",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.s390x",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.x86_64",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.aarch64",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.ppc64le",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.s390x",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-38536",
          "url": "https://www.suse.com/security/cve/CVE-2024-38536"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-07-28T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-38536"
    },
    {
      "cve": "CVE-2024-45795",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-45795"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, rules using datasets with the non-functional / unimplemented \"unset\" option can trigger an assertion during traffic parsing, leading to denial of service. This issue is addressed in 7.0.7. As a workaround, use only trusted and well tested rulesets.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.aarch64",
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.s390x",
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.x86_64",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.aarch64",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.ppc64le",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.s390x",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.x86_64",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.aarch64",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.ppc64le",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.s390x",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-45795",
          "url": "https://www.suse.com/security/cve/CVE-2024-45795"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-07-28T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-45795"
    },
    {
      "cve": "CVE-2024-45796",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-45796"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, a logic error during fragment reassembly can lead to failed reassembly for valid traffic. An attacker could craft packets to trigger this behavior.This issue has been addressed in 7.0.7.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.aarch64",
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.s390x",
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.x86_64",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.aarch64",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.ppc64le",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.s390x",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.x86_64",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.aarch64",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.ppc64le",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.s390x",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-45796",
          "url": "https://www.suse.com/security/cve/CVE-2024-45796"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-07-28T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-45796"
    },
    {
      "cve": "CVE-2024-45797",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-45797"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. Prior to version 0.5.49, unbounded processing of HTTP request and response headers can lead to excessive CPU time and memory utilization, possibly leading to extreme slowdowns. This issue is addressed in 0.5.49.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.aarch64",
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.s390x",
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.x86_64",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.aarch64",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.ppc64le",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.s390x",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.x86_64",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.aarch64",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.ppc64le",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.s390x",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-45797",
          "url": "https://www.suse.com/security/cve/CVE-2024-45797"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1231746 for CVE-2024-45797",
          "url": "https://bugzilla.suse.com/1231746"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-07-28T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-45797"
    },
    {
      "cve": "CVE-2024-47187",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-47187"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, missing initialization of the random seed for \"thash\" leads to datasets having predictable hash table behavior. This can lead to dataset file loading to use excessive time to load, as well as runtime performance issues during traffic handling. This issue has been addressed in 7.0.7. As a workaround, avoid loading datasets from untrusted sources. Avoid dataset rules that track traffic in rules.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.aarch64",
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.s390x",
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.x86_64",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.aarch64",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.ppc64le",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.s390x",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.x86_64",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.aarch64",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.ppc64le",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.s390x",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-47187",
          "url": "https://www.suse.com/security/cve/CVE-2024-47187"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-07-28T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-47187"
    },
    {
      "cve": "CVE-2024-47188",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-47188"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, missing initialization of the random seed for \"thash\" leads to byte-range tracking having predictable hash table behavior. This can lead to an attacker forcing lots of data into a single hash bucket, leading to severe performance degradation. This issue has been addressed in 7.0.7.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.aarch64",
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.s390x",
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.x86_64",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.aarch64",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.ppc64le",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.s390x",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.x86_64",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.aarch64",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.ppc64le",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.s390x",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-47188",
          "url": "https://www.suse.com/security/cve/CVE-2024-47188"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-07-28T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-47188"
    },
    {
      "cve": "CVE-2024-47522",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-47522"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, invalid ALPN in TLS/QUIC traffic when JA4 matching/logging is enabled can lead to Suricata aborting with a panic. This issue has been addressed in 7.0.7. One may disable ja4 as a workaround.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.aarch64",
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.s390x",
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.x86_64",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.aarch64",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.ppc64le",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.s390x",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.x86_64",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.aarch64",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.ppc64le",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.s390x",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-47522",
          "url": "https://www.suse.com/security/cve/CVE-2024-47522"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-07-28T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-47522"
    },
    {
      "cve": "CVE-2024-55605",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-55605"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, a large input buffer to the to_lowercase, to_uppercase, strip_whitespace, compress_whitespace, dotprefix, header_lowercase, strip_pseudo_headers, url_decode, or xor transform can lead to a stack overflow causing Suricata to crash. The issue has been addressed in Suricata 7.0.8.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.aarch64",
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.s390x",
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.x86_64",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.aarch64",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.ppc64le",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.s390x",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.x86_64",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.aarch64",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.ppc64le",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.s390x",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-55605",
          "url": "https://www.suse.com/security/cve/CVE-2024-55605"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-07-28T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-55605"
    },
    {
      "cve": "CVE-2024-55626",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-55626"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, a large BPF filter file provided to Suricata at startup can lead to a buffer overflow at Suricata startup. The issue has been addressed in Suricata 7.0.8.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.aarch64",
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.s390x",
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.x86_64",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.aarch64",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.ppc64le",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.s390x",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.x86_64",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.aarch64",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.ppc64le",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.s390x",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-55626",
          "url": "https://www.suse.com/security/cve/CVE-2024-55626"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-07-28T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-55626"
    },
    {
      "cve": "CVE-2024-55627",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-55627"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, a specially crafted TCP stream can lead to a very large buffer overflow while being zero-filled during initialization with memset due to an unsigned integer underflow. The issue has been addressed in Suricata 7.0.8.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.aarch64",
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.s390x",
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.x86_64",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.aarch64",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.ppc64le",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.s390x",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.x86_64",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.aarch64",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.ppc64le",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.s390x",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-55627",
          "url": "https://www.suse.com/security/cve/CVE-2024-55627"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-07-28T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-55627"
    },
    {
      "cve": "CVE-2024-55628",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-55628"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.8, DNS resource name compression can lead to small DNS messages containing very large hostnames which can be costly to decode, and lead to very large DNS log records. While there are limits in place, they were too generous. The issue has been addressed in Suricata 7.0.8.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.aarch64",
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.s390x",
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.x86_64",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.aarch64",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.ppc64le",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.s390x",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.x86_64",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.aarch64",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.ppc64le",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.s390x",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-55628",
          "url": "https://www.suse.com/security/cve/CVE-2024-55628"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-07-28T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-55628"
    },
    {
      "cve": "CVE-2024-55629",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-55629"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, TCP streams with TCP urgent data (out of band data) can lead to Suricata analyzing data differently than the applications at the TCP endpoints, leading to possible evasions. Suricata 7.0.8 includes options to allow users to configure how to handle TCP urgent data. In IPS mode, you can use a rule such as drop tcp any any -\u003e any any (sid:1; tcp.flags:U*;) to drop all the packets with urgent flag set.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.aarch64",
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.s390x",
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.x86_64",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.aarch64",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.ppc64le",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.s390x",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.x86_64",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.aarch64",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.ppc64le",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.s390x",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-55629",
          "url": "https://www.suse.com/security/cve/CVE-2024-55629"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-07-28T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-55629"
    },
    {
      "cve": "CVE-2025-29915",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-29915"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. The AF_PACKET defrag option is enabled by default and allows AF_PACKET to re-assemble fragmented packets before reaching Suricata. However the default packet size in Suricata is based on the network interface MTU which leads to Suricata seeing truncated packets. Upgrade to Suricata 7.0.9, which uses better defaults and adds warnings for user configurations that may lead to issues.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.aarch64",
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.s390x",
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.x86_64",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.aarch64",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.ppc64le",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.s390x",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.x86_64",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.aarch64",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.ppc64le",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.s390x",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-29915",
          "url": "https://www.suse.com/security/cve/CVE-2025-29915"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-07-28T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-29915"
    },
    {
      "cve": "CVE-2025-29916",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-29916"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Datasets declared in rules have an option to specify the `hashsize` to use. This size setting isn\u0027t properly limited, so the hash table allocation can be large. Untrusted rules can lead to large memory allocations, potentially leading to denial of service due to resource starvation. This vulnerability is fixed in 7.0.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.aarch64",
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.s390x",
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.x86_64",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.aarch64",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.ppc64le",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.s390x",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.x86_64",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.aarch64",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.ppc64le",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.s390x",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-29916",
          "url": "https://www.suse.com/security/cve/CVE-2025-29916"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-07-28T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-29916"
    },
    {
      "cve": "CVE-2025-29917",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-29917"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. The bytes setting in the decode_base64 keyword is not properly limited. Due to this, signatures using the keyword and setting can cause large memory allocations of up to 4 GiB per thread. This vulnerability is fixed in 7.0.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.aarch64",
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.s390x",
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.x86_64",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.aarch64",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.ppc64le",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.s390x",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.x86_64",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.aarch64",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.ppc64le",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.s390x",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-29917",
          "url": "https://www.suse.com/security/cve/CVE-2025-29917"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-07-28T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-29917"
    },
    {
      "cve": "CVE-2025-29918",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-29918"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. A PCRE rule can be written that leads to an infinite loop when negated PCRE is used. Packet processing thread becomes stuck in infinite loop limiting visibility and availability in inline mode. This vulnerability is fixed in 7.0.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.aarch64",
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.s390x",
          "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.x86_64",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.aarch64",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.ppc64le",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.s390x",
          "openSUSE Tumbleweed:suricata-8.0.0-1.1.x86_64",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.aarch64",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.ppc64le",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.s390x",
          "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-29918",
          "url": "https://www.suse.com/security/cve/CVE-2025-29918"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:libsuricata8_0_0-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-8.0.0-1.1.x86_64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.aarch64",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.ppc64le",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.s390x",
            "openSUSE Tumbleweed:suricata-devel-8.0.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-07-28T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-29918"
    }
  ]
}

CERTFR-2024-AVI-0251

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Kaspersky Anti Targeted Attack. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Kaspersky	N/A	Kaspersky Anti Targeted Attack versions 6.x antérieures à 6.0.2

References

Title

Publication Time

Tags

Bulletin de sécurité Kaspersky du 26 mars 2024

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Kaspersky Anti Targeted Attack versions 6.x ant\u00e9rieures \u00e0 6.0.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Kaspersky",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2024-24568",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24568"
    },
    {
      "name": "CVE-2024-23836",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23836"
    },
    {
      "name": "CVE-2024-23837",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23837"
    },
    {
      "name": "CVE-2024-23839",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23839"
    }
  ],
  "links": [],
  "reference": "CERTFR-2024-AVI-0251",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-03-26T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Kaspersky Anti\nTargeted Attack. Elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Kaspersky Anti Targeted Attack",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Kaspersky du 26 mars 2024",
      "url": "https://support.kaspersky.com/vulnerability/list-of-advisories/12430#260324"
    }
  ]
}

CERTFR-2024-AVI-0251

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Kaspersky Anti Targeted Attack. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Kaspersky	N/A	Kaspersky Anti Targeted Attack versions 6.x antérieures à 6.0.2

References

Title

Publication Time

Tags

Bulletin de sécurité Kaspersky du 26 mars 2024

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Kaspersky Anti Targeted Attack versions 6.x ant\u00e9rieures \u00e0 6.0.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Kaspersky",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2024-24568",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24568"
    },
    {
      "name": "CVE-2024-23836",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23836"
    },
    {
      "name": "CVE-2024-23837",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23837"
    },
    {
      "name": "CVE-2024-23839",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23839"
    }
  ],
  "links": [],
  "reference": "CERTFR-2024-AVI-0251",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-03-26T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Kaspersky Anti\nTargeted Attack. Elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Kaspersky Anti Targeted Attack",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Kaspersky du 26 mars 2024",
      "url": "https://support.kaspersky.com/vulnerability/list-of-advisories/12430#260324"
    }
  ]
}

GSD-2024-23836

Vulnerability from gsd - Updated: 2024-01-23 06:02

Details

Aliases

CVE-2024-23836

JSON

To clipboard

{
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2024-23836"
      ],
      "details": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to versions 6.0.16 and 7.0.3, an attacker can craft traffic to cause Suricata to use far more CPU and memory for processing the traffic than needed, which can lead to extreme slow downs and denial of service.  This vulnerability is patched in 6.0.16 or 7.0.3.  Workarounds include disabling the affected protocol app-layer parser in the yaml and reducing the `stream.reassembly.depth` value helps reduce the severity of the issue.",
      "id": "GSD-2024-23836",
      "modified": "2024-01-23T06:02:22.203242Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2024-23836",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "suricata",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "\u003c 6.0.16"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "\u003e= 7.0.0, \u003c 7.0.3"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "OISF"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to versions 6.0.16 and 7.0.3, an attacker can craft traffic to cause Suricata to use far more CPU and memory for processing the traffic than needed, which can lead to extreme slow downs and denial of service.  This vulnerability is patched in 6.0.16 or 7.0.3.  Workarounds include disabling the affected protocol app-layer parser in the yaml and reducing the `stream.reassembly.depth` value helps reduce the severity of the issue."
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-770",
                "lang": "eng",
                "value": "CWE-770: Allocation of Resources Without Limits or Throttling"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/OISF/suricata/security/advisories/GHSA-q33q-45cr-3cpc",
            "refsource": "MISC",
            "url": "https://github.com/OISF/suricata/security/advisories/GHSA-q33q-45cr-3cpc"
          },
          {
            "name": "https://github.com/OISF/suricata/commit/18841a58da71e735ddf4e52cbfa6989755ecbeb7",
            "refsource": "MISC",
            "url": "https://github.com/OISF/suricata/commit/18841a58da71e735ddf4e52cbfa6989755ecbeb7"
          },
          {
            "name": "https://github.com/OISF/suricata/commit/2a2120ecf10c5b5713ec2bf59469fe57f7b5b747",
            "refsource": "MISC",
            "url": "https://github.com/OISF/suricata/commit/2a2120ecf10c5b5713ec2bf59469fe57f7b5b747"
          },
          {
            "name": "https://github.com/OISF/suricata/commit/83c5567ea7b0b28376f57dcfee9c6301448c7bc7",
            "refsource": "MISC",
            "url": "https://github.com/OISF/suricata/commit/83c5567ea7b0b28376f57dcfee9c6301448c7bc7"
          },
          {
            "name": "https://github.com/OISF/suricata/commit/8efaebe293e2a74c8e323fa85a6f5fadf82801bc",
            "refsource": "MISC",
            "url": "https://github.com/OISF/suricata/commit/8efaebe293e2a74c8e323fa85a6f5fadf82801bc"
          },
          {
            "name": "https://github.com/OISF/suricata/commit/97953998d2d60673ed6c30ddfb6a2d59b4230f97",
            "refsource": "MISC",
            "url": "https://github.com/OISF/suricata/commit/97953998d2d60673ed6c30ddfb6a2d59b4230f97"
          },
          {
            "name": "https://github.com/OISF/suricata/commit/b1549e930f6426eeff43f12b672337cbcda566b8",
            "refsource": "MISC",
            "url": "https://github.com/OISF/suricata/commit/b1549e930f6426eeff43f12b672337cbcda566b8"
          },
          {
            "name": "https://github.com/OISF/suricata/commit/cd035d59e3df157b606f4fe67324ea8e437be786",
            "refsource": "MISC",
            "url": "https://github.com/OISF/suricata/commit/cd035d59e3df157b606f4fe67324ea8e437be786"
          },
          {
            "name": "https://github.com/OISF/suricata/commit/ce9b90326949c94a46611d6394e28600ee5e8bd5",
            "refsource": "MISC",
            "url": "https://github.com/OISF/suricata/commit/ce9b90326949c94a46611d6394e28600ee5e8bd5"
          },
          {
            "name": "https://github.com/OISF/suricata/commit/e7e28822f473320658d6125f16ac3f0524baff01",
            "refsource": "MISC",
            "url": "https://github.com/OISF/suricata/commit/e7e28822f473320658d6125f16ac3f0524baff01"
          },
          {
            "name": "https://github.com/OISF/suricata/commit/f9de1cca6182e571f1c02387dca6e695e55608af",
            "refsource": "MISC",
            "url": "https://github.com/OISF/suricata/commit/f9de1cca6182e571f1c02387dca6e695e55608af"
          },
          {
            "name": "https://redmine.openinfosecfoundation.org/issues/6531",
            "refsource": "MISC",
            "url": "https://redmine.openinfosecfoundation.org/issues/6531"
          },
          {
            "name": "https://redmine.openinfosecfoundation.org/issues/6532",
            "refsource": "MISC",
            "url": "https://redmine.openinfosecfoundation.org/issues/6532"
          },
          {
            "name": "https://redmine.openinfosecfoundation.org/issues/6540",
            "refsource": "MISC",
            "url": "https://redmine.openinfosecfoundation.org/issues/6540"
          },
          {
            "name": "https://redmine.openinfosecfoundation.org/issues/6658",
            "refsource": "MISC",
            "url": "https://redmine.openinfosecfoundation.org/issues/6658"
          },
          {
            "name": "https://redmine.openinfosecfoundation.org/issues/6659",
            "refsource": "MISC",
            "url": "https://redmine.openinfosecfoundation.org/issues/6659"
          },
          {
            "name": "https://redmine.openinfosecfoundation.org/issues/6660",
            "refsource": "MISC",
            "url": "https://redmine.openinfosecfoundation.org/issues/6660"
          },
          {
            "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GOCOBFUTIFHOP2PZOH4ENRFXRBHIRKK4/",
            "refsource": "MISC",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GOCOBFUTIFHOP2PZOH4ENRFXRBHIRKK4/"
          },
          {
            "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXJIT7R53ZXROO3I256RFUWTIW4ECK6P/",
            "refsource": "MISC",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXJIT7R53ZXROO3I256RFUWTIW4ECK6P/"
          }
        ]
      },
      "source": {
        "advisory": "GHSA-q33q-45cr-3cpc",
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "descriptions": [
          {
            "lang": "en",
            "value": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to versions 6.0.16 and 7.0.3, an attacker can craft traffic to cause Suricata to use far more CPU and memory for processing the traffic than needed, which can lead to extreme slow downs and denial of service.  This vulnerability is patched in 6.0.16 or 7.0.3.  Workarounds include disabling the affected protocol app-layer parser in the yaml and reducing the `stream.reassembly.depth` value helps reduce the severity of the issue."
          },
          {
            "lang": "es",
            "value": "Suricata es un sistema de detecci\u00f3n de intrusiones en la red, un sistema de prevenci\u00f3n de intrusiones y un motor de monitoreo de seguridad de la red. Antes de las versiones 6.0.16 y 7.0.3, un atacante pod\u00eda manipular el tr\u00e1fico para hacer que Suricata utilizara mucha m\u00e1s CPU y memoria de la necesaria para procesar el tr\u00e1fico, lo que puede provocar ralentizaciones extremas y denegaci\u00f3n de servicio. Esta vulnerabilidad est\u00e1 parcheada en 6.0.16 o 7.0.3. Los workarounds incluyen deshabilitar el analizador de la capa de aplicaci\u00f3n del protocolo afectado en el yaml y reducir el valor `stream.reassembly. Depth` ayuda a reducir la gravedad del problema."
          }
        ],
        "id": "CVE-2024-23836",
        "lastModified": "2024-03-07T03:15:06.987",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 3.9,
              "impactScore": 3.6,
              "source": "security-advisories@github.com",
              "type": "Secondary"
            }
          ]
        },
        "published": "2024-02-26T16:27:57.693",
        "references": [
          {
            "source": "security-advisories@github.com",
            "url": "https://github.com/OISF/suricata/commit/18841a58da71e735ddf4e52cbfa6989755ecbeb7"
          },
          {
            "source": "security-advisories@github.com",
            "url": "https://github.com/OISF/suricata/commit/2a2120ecf10c5b5713ec2bf59469fe57f7b5b747"
          },
          {
            "source": "security-advisories@github.com",
            "url": "https://github.com/OISF/suricata/commit/83c5567ea7b0b28376f57dcfee9c6301448c7bc7"
          },
          {
            "source": "security-advisories@github.com",
            "url": "https://github.com/OISF/suricata/commit/8efaebe293e2a74c8e323fa85a6f5fadf82801bc"
          },
          {
            "source": "security-advisories@github.com",
            "url": "https://github.com/OISF/suricata/commit/97953998d2d60673ed6c30ddfb6a2d59b4230f97"
          },
          {
            "source": "security-advisories@github.com",
            "url": "https://github.com/OISF/suricata/commit/b1549e930f6426eeff43f12b672337cbcda566b8"
          },
          {
            "source": "security-advisories@github.com",
            "url": "https://github.com/OISF/suricata/commit/cd035d59e3df157b606f4fe67324ea8e437be786"
          },
          {
            "source": "security-advisories@github.com",
            "url": "https://github.com/OISF/suricata/commit/ce9b90326949c94a46611d6394e28600ee5e8bd5"
          },
          {
            "source": "security-advisories@github.com",
            "url": "https://github.com/OISF/suricata/commit/e7e28822f473320658d6125f16ac3f0524baff01"
          },
          {
            "source": "security-advisories@github.com",
            "url": "https://github.com/OISF/suricata/commit/f9de1cca6182e571f1c02387dca6e695e55608af"
          },
          {
            "source": "security-advisories@github.com",
            "url": "https://github.com/OISF/suricata/security/advisories/GHSA-q33q-45cr-3cpc"
          },
          {
            "source": "security-advisories@github.com",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GOCOBFUTIFHOP2PZOH4ENRFXRBHIRKK4/"
          },
          {
            "source": "security-advisories@github.com",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXJIT7R53ZXROO3I256RFUWTIW4ECK6P/"
          },
          {
            "source": "security-advisories@github.com",
            "url": "https://redmine.openinfosecfoundation.org/issues/6531"
          },
          {
            "source": "security-advisories@github.com",
            "url": "https://redmine.openinfosecfoundation.org/issues/6532"
          },
          {
            "source": "security-advisories@github.com",
            "url": "https://redmine.openinfosecfoundation.org/issues/6540"
          },
          {
            "source": "security-advisories@github.com",
            "url": "https://redmine.openinfosecfoundation.org/issues/6658"
          },
          {
            "source": "security-advisories@github.com",
            "url": "https://redmine.openinfosecfoundation.org/issues/6659"
          },
          {
            "source": "security-advisories@github.com",
            "url": "https://redmine.openinfosecfoundation.org/issues/6660"
          }
        ],
        "sourceIdentifier": "security-advisories@github.com",
        "vulnStatus": "Awaiting Analysis",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-770"
              }
            ],
            "source": "security-advisories@github.com",
            "type": "Secondary"
          }
        ]
      }
    }
  }
}

FKIE_CVE-2024-23836

Vulnerability from fkie_nvd - Published: 2024-02-26 16:27 - Updated: 2024-12-19 19:26

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
security-advisories@github.com	https://github.com/OISF/suricata/commit/18841a58da71e735ddf4e52cbfa6989755ecbeb7	Patch
security-advisories@github.com	https://github.com/OISF/suricata/commit/2a2120ecf10c5b5713ec2bf59469fe57f7b5b747	Patch
security-advisories@github.com	https://github.com/OISF/suricata/commit/83c5567ea7b0b28376f57dcfee9c6301448c7bc7	Patch
security-advisories@github.com	https://github.com/OISF/suricata/commit/8efaebe293e2a74c8e323fa85a6f5fadf82801bc	Patch
security-advisories@github.com	https://github.com/OISF/suricata/commit/97953998d2d60673ed6c30ddfb6a2d59b4230f97	Patch
security-advisories@github.com	https://github.com/OISF/suricata/commit/b1549e930f6426eeff43f12b672337cbcda566b8	Patch
security-advisories@github.com	https://github.com/OISF/suricata/commit/cd035d59e3df157b606f4fe67324ea8e437be786	Patch
security-advisories@github.com	https://github.com/OISF/suricata/commit/ce9b90326949c94a46611d6394e28600ee5e8bd5	Patch
security-advisories@github.com	https://github.com/OISF/suricata/commit/e7e28822f473320658d6125f16ac3f0524baff01	Patch
security-advisories@github.com	https://github.com/OISF/suricata/commit/f9de1cca6182e571f1c02387dca6e695e55608af	Patch
security-advisories@github.com	https://github.com/OISF/suricata/security/advisories/GHSA-q33q-45cr-3cpc	Vendor Advisory
security-advisories@github.com	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GOCOBFUTIFHOP2PZOH4ENRFXRBHIRKK4/	Mailing List
security-advisories@github.com	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXJIT7R53ZXROO3I256RFUWTIW4ECK6P/	Mailing List
security-advisories@github.com	https://redmine.openinfosecfoundation.org/issues/6531	Issue Tracking
security-advisories@github.com	https://redmine.openinfosecfoundation.org/issues/6532	Issue Tracking
security-advisories@github.com	https://redmine.openinfosecfoundation.org/issues/6540	Issue Tracking
security-advisories@github.com	https://redmine.openinfosecfoundation.org/issues/6658	Issue Tracking
security-advisories@github.com	https://redmine.openinfosecfoundation.org/issues/6659	Issue Tracking
security-advisories@github.com	https://redmine.openinfosecfoundation.org/issues/6660	Issue Tracking
af854a3a-2127-422b-91ae-364da2661108	https://github.com/OISF/suricata/commit/18841a58da71e735ddf4e52cbfa6989755ecbeb7	Patch
af854a3a-2127-422b-91ae-364da2661108	https://github.com/OISF/suricata/commit/2a2120ecf10c5b5713ec2bf59469fe57f7b5b747	Patch
af854a3a-2127-422b-91ae-364da2661108	https://github.com/OISF/suricata/commit/83c5567ea7b0b28376f57dcfee9c6301448c7bc7	Patch
af854a3a-2127-422b-91ae-364da2661108	https://github.com/OISF/suricata/commit/8efaebe293e2a74c8e323fa85a6f5fadf82801bc	Patch
af854a3a-2127-422b-91ae-364da2661108	https://github.com/OISF/suricata/commit/97953998d2d60673ed6c30ddfb6a2d59b4230f97	Patch
af854a3a-2127-422b-91ae-364da2661108	https://github.com/OISF/suricata/commit/b1549e930f6426eeff43f12b672337cbcda566b8	Patch
af854a3a-2127-422b-91ae-364da2661108	https://github.com/OISF/suricata/commit/cd035d59e3df157b606f4fe67324ea8e437be786	Patch
af854a3a-2127-422b-91ae-364da2661108	https://github.com/OISF/suricata/commit/ce9b90326949c94a46611d6394e28600ee5e8bd5	Patch
af854a3a-2127-422b-91ae-364da2661108	https://github.com/OISF/suricata/commit/e7e28822f473320658d6125f16ac3f0524baff01	Patch
af854a3a-2127-422b-91ae-364da2661108	https://github.com/OISF/suricata/commit/f9de1cca6182e571f1c02387dca6e695e55608af	Patch
af854a3a-2127-422b-91ae-364da2661108	https://github.com/OISF/suricata/security/advisories/GHSA-q33q-45cr-3cpc	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GOCOBFUTIFHOP2PZOH4ENRFXRBHIRKK4/	Mailing List
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXJIT7R53ZXROO3I256RFUWTIW4ECK6P/	Mailing List
af854a3a-2127-422b-91ae-364da2661108	https://redmine.openinfosecfoundation.org/issues/6531	Issue Tracking
af854a3a-2127-422b-91ae-364da2661108	https://redmine.openinfosecfoundation.org/issues/6532	Issue Tracking
af854a3a-2127-422b-91ae-364da2661108	https://redmine.openinfosecfoundation.org/issues/6540	Issue Tracking
af854a3a-2127-422b-91ae-364da2661108	https://redmine.openinfosecfoundation.org/issues/6658	Issue Tracking
af854a3a-2127-422b-91ae-364da2661108	https://redmine.openinfosecfoundation.org/issues/6659	Issue Tracking
af854a3a-2127-422b-91ae-364da2661108	https://redmine.openinfosecfoundation.org/issues/6660	Issue Tracking

Impacted products

Vendor	Product	Version
oisf	suricata	*
oisf	suricata	*
fedoraproject	fedora	38
fedoraproject	fedora	39

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9AB3B22-820A-45AE-A0F1-B07C53FEB22E",
              "versionEndExcluding": "6.0.16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AD3DB8D-5FEF-43FD-8E47-5EF72479EF29",
              "versionEndExcluding": "7.0.3",
              "versionStartIncluding": "7.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to versions 6.0.16 and 7.0.3, an attacker can craft traffic to cause Suricata to use far more CPU and memory for processing the traffic than needed, which can lead to extreme slow downs and denial of service.  This vulnerability is patched in 6.0.16 or 7.0.3.  Workarounds include disabling the affected protocol app-layer parser in the yaml and reducing the `stream.reassembly.depth` value helps reduce the severity of the issue."
    },
    {
      "lang": "es",
      "value": "Suricata es un sistema de detecci\u00f3n de intrusiones en la red, un sistema de prevenci\u00f3n de intrusiones y un motor de monitoreo de seguridad de la red. Antes de las versiones 6.0.16 y 7.0.3, un atacante pod\u00eda manipular el tr\u00e1fico para hacer que Suricata utilizara mucha m\u00e1s CPU y memoria de la necesaria para procesar el tr\u00e1fico, lo que puede provocar ralentizaciones extremas y denegaci\u00f3n de servicio. Esta vulnerabilidad est\u00e1 parcheada en 6.0.16 o 7.0.3. Los workarounds incluyen deshabilitar el analizador de la capa de aplicaci\u00f3n del protocolo afectado en el yaml y reducir el valor `stream.reassembly. Depth` ayuda a reducir la gravedad del problema."
    }
  ],
  "id": "CVE-2024-23836",
  "lastModified": "2024-12-19T19:26:20.673",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-02-26T16:27:57.693",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/OISF/suricata/commit/18841a58da71e735ddf4e52cbfa6989755ecbeb7"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/OISF/suricata/commit/2a2120ecf10c5b5713ec2bf59469fe57f7b5b747"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/OISF/suricata/commit/83c5567ea7b0b28376f57dcfee9c6301448c7bc7"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/OISF/suricata/commit/8efaebe293e2a74c8e323fa85a6f5fadf82801bc"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/OISF/suricata/commit/97953998d2d60673ed6c30ddfb6a2d59b4230f97"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/OISF/suricata/commit/b1549e930f6426eeff43f12b672337cbcda566b8"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/OISF/suricata/commit/cd035d59e3df157b606f4fe67324ea8e437be786"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/OISF/suricata/commit/ce9b90326949c94a46611d6394e28600ee5e8bd5"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/OISF/suricata/commit/e7e28822f473320658d6125f16ac3f0524baff01"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/OISF/suricata/commit/f9de1cca6182e571f1c02387dca6e695e55608af"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://github.com/OISF/suricata/security/advisories/GHSA-q33q-45cr-3cpc"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Mailing List"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GOCOBFUTIFHOP2PZOH4ENRFXRBHIRKK4/"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Mailing List"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXJIT7R53ZXROO3I256RFUWTIW4ECK6P/"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://redmine.openinfosecfoundation.org/issues/6531"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://redmine.openinfosecfoundation.org/issues/6532"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://redmine.openinfosecfoundation.org/issues/6540"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://redmine.openinfosecfoundation.org/issues/6658"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://redmine.openinfosecfoundation.org/issues/6659"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://redmine.openinfosecfoundation.org/issues/6660"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/OISF/suricata/commit/18841a58da71e735ddf4e52cbfa6989755ecbeb7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/OISF/suricata/commit/2a2120ecf10c5b5713ec2bf59469fe57f7b5b747"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/OISF/suricata/commit/83c5567ea7b0b28376f57dcfee9c6301448c7bc7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/OISF/suricata/commit/8efaebe293e2a74c8e323fa85a6f5fadf82801bc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/OISF/suricata/commit/97953998d2d60673ed6c30ddfb6a2d59b4230f97"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/OISF/suricata/commit/b1549e930f6426eeff43f12b672337cbcda566b8"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/OISF/suricata/commit/cd035d59e3df157b606f4fe67324ea8e437be786"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/OISF/suricata/commit/ce9b90326949c94a46611d6394e28600ee5e8bd5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/OISF/suricata/commit/e7e28822f473320658d6125f16ac3f0524baff01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/OISF/suricata/commit/f9de1cca6182e571f1c02387dca6e695e55608af"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://github.com/OISF/suricata/security/advisories/GHSA-q33q-45cr-3cpc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GOCOBFUTIFHOP2PZOH4ENRFXRBHIRKK4/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXJIT7R53ZXROO3I256RFUWTIW4ECK6P/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://redmine.openinfosecfoundation.org/issues/6531"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://redmine.openinfosecfoundation.org/issues/6532"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://redmine.openinfosecfoundation.org/issues/6540"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://redmine.openinfosecfoundation.org/issues/6658"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://redmine.openinfosecfoundation.org/issues/6659"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://redmine.openinfosecfoundation.org/issues/6660"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-770"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-770"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-23836 (GCVE-0-2024-23836)

OPENSUSE-SU-2025:15394-1

CERTFR-2024-AVI-0251

Solution

CERTFR-2024-AVI-0251

Solution

GSD-2024-23836

FKIE_CVE-2024-23836

Tags

Sightings

Nomenclature