CVE-2023-35853
N/A
N/A
Summary
In Suricata before 6.0.13, an adversary who controls an external source of Lua rules may be able to execute Lua code. This is addressed in 6.0.13 by disabling Lua unless allow-rules is true in the security lua configuration section.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/OISF/suricata/compare/suricata-6.0.12…suricata-6.0.13
- https://www.stamus-networks.com/stamus-labs
- https://github.com/OISF/suricata/commit/b95bbcc66db526ffcc880eb439dbe8abc87a81da
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: total
References
- https://github.com/OISF/suricata/compare/suricata-6.0.12…suricata-6.0.13
- https://www.stamus-networks.com/stamus-labs
- https://github.com/OISF/suricata/commit/b95bbcc66db526ffcc880eb439dbe8abc87a81da
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.