Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Suricata http: heap use after free with http.request_header and http.response_header keywords
Vulnerability Description
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.3, specially crafted traffic can cause a heap use after free if the ruleset uses the http.request_header or http.response_header keyword. The vulnerability has been patched in 7.0.3. To work around the vulnerability, avoid the http.request_header and http.response_header keywords.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Vulnerability Type
释放后使用
Vulnerability Title
Suricata 安全漏洞
Vulnerability Description
Suricata是开放信息安全基金会(Open Information Security Foundation,OISF)和其支持的厂商共同开发的一套网络入侵检测系统(IDS)、入侵防御系统(IPS)和网络安全监控引擎,它支持多线程、内置IPv6、可加载预设规则等。 Suricata 7.0.3 版本之前存在安全漏洞,该漏洞源于如果规则集使用 http.request_header 或 http.response_header 关键字,特制流量可能会导致释放后重用。
CVSS Information
N/A
Vulnerability Type
N/A