CVE-2024-47522 - Vulnerability Details

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, invalid ALPN in TLS/QUIC traffic when JA4 matching/logging is enabled can lead to Suricata aborting with a panic. This issue has been addressed in 7.0.7. One may disable ja4 as a workaround.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable yes

Technical Impact partial

Vendors	Products
Oisf	Suricata

Configuration 1 [-]

cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/OISF/suricata/security/advisories/GHSA-w5xv-6586-jpm7
https://redmine.openinfosecfoundation.org/issues/7267
https://www.vicarius.io/vsociety/posts/cve-2024-47522-detect-suricata-vulnerability
https://www.vicarius.io/vsociety/posts/cve-2024-47522-mitigate-suricata-vulnerability

History

Thu, 25 Sep 2025 17:30:00 +0000

Type	Values Removed	Values Added
References		https://www.vicarius.io/vsociety/posts/cve-2024-47522-detect-suricata-vulnerability https://www.vicarius.io/vsociety/posts/cve-2024-47522-mitigate-suricata-vulnerability

Sat, 12 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00101}`	epss `{'score': 0.00112}`

Wed, 16 Oct 2024 20:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Oisf Oisf suricata
CPEs		cpe:2.3:a:oisf:suricata::::::::
Vendors & Products		Oisf Oisf suricata
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 16 Oct 2024 20:00:00 +0000

Type	Values Removed	Values Added
Description		Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, invalid ALPN in TLS/QUIC traffic when JA4 matching/logging is enabled can lead to Suricata aborting with a panic. This issue has been addressed in 7.0.7. One may disable ja4 as a workaround.
Title		Suricata ja4: invalid alpn leads to panic
Weaknesses		CWE-617
References		https://github.com/OISF/suricata/security/advisories/GHSA-w5xv-6586-jpm7 https://redmine.openinfosecfoundation.org/issues/7267
Metrics		cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}`

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-10-16T19:40:32.172Z

Updated: 2025-09-25T16:46:37.848Z

Reserved: 2024-09-25T21:46:10.928Z

Link: CVE-2024-47522

Vulnrichment

Updated: 2025-09-25T16:46:37.848Z

NVD

Status : Modified

Published: 2024-10-16T20:15:06.083

Modified: 2025-09-25T17:15:37.140

Link: CVE-2024-47522

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation poc

Automatable yes

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object