CVE-2023-35852

In Suricata before 6.0.13 (when there is an adversary who controls an external source of rules), a dataset filename, that comes from a rule, may trigger absolute or relative directory traversal, and lead to write access to a local filesystem. This is addressed in 6.0.13 by requiring allow-absolute-filenames and allow-write (in the datasets rules configuration section) if an installation requires traversal/writing in this situation.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/OISF/suricata/commit/735f5aa9ca3b28cfacc7a443f93a44387fbacf17	Patch
https://github.com/OISF/suricata/commit/aee1523b4591430ebed1ded0bb95508e6717a335	Patch
https://github.com/OISF/suricata/compare/suricata-6.0.12...suricata-6.0.13	Vendor Advisory
https://www.stamus-networks.com/stamus-labs	Not Applicable

Configurations

Configuration 1 (hide)

cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-06-19 04:15

Updated : 2023-06-28 18:44

NVD link : CVE-2023-35852

Mitre link : CVE-2023-35852

CVE.ORG link : CVE-2023-35852

JSON object : View

Products Affected

oisf

suricata

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2023-35852", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2023-06-19T04:15:11.217", "references": [{"url": "https://github.com/OISF/suricata/commit/735f5aa9ca3b28cfacc7a443f93a44387fbacf17", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "https://github.com/OISF/suricata/commit/aee1523b4591430ebed1ded0bb95508e6717a335", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "https://github.com/OISF/suricata/compare/suricata-6.0.12...suricata-6.0.13", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.stamus-networks.com/stamus-labs", "tags": ["Not Applicable"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "In Suricata before 6.0.13 (when there is an adversary who controls an external source of rules), a dataset filename, that comes from a rule, may trigger absolute or relative directory traversal, and lead to write access to a local filesystem. This is addressed in 6.0.13 by requiring allow-absolute-filenames and allow-write (in the datasets rules configuration section) if an installation requires traversal/writing in this situation."}, {"lang": "es", "value": "En Suricata antes de la versi\u00f3n 6.0.13 (cuando hay un adversario que controla una fuente externa de reglas), un nombre de archivo de conjunto de datos, que proviene de una regla, puede desencadenar el salto de directorios absolutos o relativos, y conducir al acceso de escritura a un sistema de archivos local. Esto se soluciona en 6.0.13 requiriendo \"allow-absolute-filenames\" y \"allow-write\" (en la secci\u00f3n de configuraci\u00f3n de reglas de conjuntos de datos) si una instalaci\u00f3n requiere saltar/escribir en esta situaci\u00f3n. "}], "lastModified": "2023-06-28T18:44:55.743", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1FDDE2F7-D633-4FBC-8EE1-6145A82AC02F", "versionEndExcluding": "6.0.13"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}