CVE-2024-23835: 
Suricata vulnerability analysis and mitigation

CVE-2024-23835 affects Suricata, a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. The vulnerability was discovered in versions prior to 7.0.3, where excessive memory use during PostgreSQL (pgsql) parsing could lead to out-of-memory (OOM) related crashes. The issue was disclosed on January 15, 2024, and has been patched in version 7.0.3 (GHSA Advisory, NVD).

The vulnerability stems from a quadratic complexity issue in the PostgreSQL parser that leads to overconsumption of memory when processing multiple small PDUs in one large chunk. The issue has been assigned a CVSS v3.1 base score of 7.5 (High), with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The vulnerability is classified under CWE-770 (Allocation of Resources Without Limits or Throttling) and CWE-400 (Uncontrolled Resource Consumption) (GHSA Advisory, NVD).

The vulnerability can result in denial of service through out-of-memory crashes when processing PostgreSQL traffic. The impact is considered high severity, although it's worth noting that the affected protocol parser is not enabled by default in Suricata configurations (Redmine Issue).

Users are advised to upgrade to Suricata version 7.0.3 or later which contains the fix. As a workaround, users can disable the PostgreSQL app layer parser if immediate upgrading is not possible. The fix has been implemented through commits that modify the PDU parsing behavior to prevent memory overconsumption (GHSA Advisory, Fedora Update).