CVE-2024-24568 MEDIUM

CVE-2024-24568: Suricata http2: header handling evasion

Vendor Oisf
Product suricata
Weakness CWE-284
Published February 26, 2024
Last update February 13, 2025

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.3, the rules inspecting HTTP2 headers can get bypassed by crafted traffic. The vulnerability has been patched in 7.0.3.

Key dates

02Disclosure timeline

February 26, 2024 CVE published
February 13, 2025 Record updated