CVE-2024-24568: 
Suricata vulnerability analysis and mitigation

Suricata, a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine, contained a vulnerability in versions prior to 7.0.3 where rules inspecting HTTP2 headers could be bypassed by crafted traffic (GitHub Advisory). The vulnerability was assigned CVE-2024-24568 and was patched in version 7.0.3.

The vulnerability relates to the handling of HTTP2 continuation frames as defined in RFC 9113. The issue stems from incomplete processing of header blocks that could be split over multiple HTTP2 frames. Prior to the fix, Suricata did not properly handle the reassembly of these split header blocks, leading to incomplete decoding of headers names and/or values while processing individual frames (Suricata Commit). The vulnerability has a CVSS v3.1 base score of 5.3 (Medium), with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N (Ubuntu CVE).

The vulnerability could allow attackers to bypass rules inspecting HTTP2 headers through specially crafted traffic, potentially evading detection mechanisms (GitHub Advisory). This could compromise the effectiveness of the intrusion detection and prevention capabilities of affected Suricata installations.

The vulnerability has been patched in Suricata version 7.0.3. Users are advised to upgrade to this version or later to address the security issue (GitHub Advisory). The fix implements proper reassembly handling for HTTP2 continuation frames, ensuring complete processing of header blocks split across multiple frames (Suricata Commit).