Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2023-35853

Опубликовано: 19 июн. 2023
Источник: debian

Описание

In Suricata before 6.0.13, an adversary who controls an external source of Lua rules may be able to execute Lua code. This is addressed in 6.0.13 by disabling Lua unless allow-rules is true in the security lua configuration section.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
suricatafixed1:6.0.13-1package
suricatano-dsabookwormpackage
suricatano-dsabullseyepackage
suricatano-dsabusterpackage

Примечания

  • https://github.com/OISF/suricata/commit/b95bbcc66db526ffcc880eb439dbe8abc87a81da

Связанные уязвимости

ubuntu логотип

CVE-2023-35853

CVSS3: 9.8
ubuntu
больше 2 лет назад

In Suricata before 6.0.13, an adversary who controls an external source of Lua rules may be able to execute Lua code. This is addressed in 6.0.13 by disabling Lua unless allow-rules is true in the security lua configuration section.

nvd логотип

CVE-2023-35853

CVSS3: 9.8
nvd
больше 2 лет назад

In Suricata before 6.0.13, an adversary who controls an external source of Lua rules may be able to execute Lua code. This is addressed in 6.0.13 by disabling Lua unless allow-rules is true in the security lua configuration section.

github логотип

GHSA-42j3-j7r2-vj2g

CVSS3: 9.8
github
больше 2 лет назад

In Suricata before 6.0.13, an adversary who controls an external source of Lua rules may be able to execute Lua code. This is addressed in 6.0.13 by disabling Lua unless allow-rules is true in the security lua configuration section.

fstec логотип

BDU:2023-06802

CVSS3: 9.8
fstec
больше 2 лет назад

Уязвимость системы обнаружения и предотвращения вторжений Suricata, связанная с недостаточной проверкой входных данных, позволяющая нарушителю выполнить произвольный код