CVE-2021-35063
published 2021-07-22CVE-2021-35063: Suricata before 5.0.7 and 6.x before 6.0.3 has a "critical evasion."
PriorityP339high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
EPSS
1.97%
78.0th percentile
Suricata before 5.0.7 and 6.x before 6.0.3 has a "critical evasion."
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | suricata | < suricata 1:6.0.1-3 (bookworm) | suricata 1:6.0.1-3 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| oisf | suricata | < 5.0.7 | 5.0.7 |
| oisf | suricata | >= 0 < 1:6.0.1-3 | 1:6.0.1-3 |
| oisf | suricata | >= 0 < 1:6.0.1-3 | 1:6.0.1-3 |
| oisf | suricata | >= 0 < 1:6.0.1-3 | 1:6.0.1-3 |
| oisf | suricata | >= 0 < 1:6.0.1-3 | 1:6.0.1-3 |
| oisf | suricata | >= 6.0.0 < 6.0.3 | 6.0.3 |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
osv7.5HIGH
vendor_debian7.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-h9v2-m5qx-h268: Suricata before 5
ghsa_unreviewed·2022-05-24
CVE-2021-35063 [HIGH] GHSA-h9v2-m5qx-h268: Suricata before 5
Suricata before 5.0.7 and 6.x before 6.0.3 has a "critical evasion."
OSV
CVE-2021-35063: Suricata before 5
osv·2021-07-22·CVSS 7.5
CVE-2021-35063 [HIGH] CVE-2021-35063: Suricata before 5
Suricata before 5.0.7 and 6.x before 6.0.3 has a "critical evasion."
Debian
CVE-2021-35063: suricata - Suricata before 5.0.7 and 6.x before 6.0.3 has a "critical evasion."
vendor_debian·2021·CVSS 7.5
CVE-2021-35063 [HIGH] CVE-2021-35063: suricata - Suricata before 5.0.7 and 6.x before 6.0.3 has a "critical evasion."
Suricata before 5.0.7 and 6.x before 6.0.3 has a "critical evasion."
Scope: local
bookworm: resolved (fixed in 1:6.0.1-3)
bullseye: resolved (fixed in 1:6.0.1-3)
forky: resolved (fixed in 1:6.0.1-3)
sid: resolved (fixed in 1:6.0.1-3)
trixie: resolved (fixed in 1:6.0.1-3)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990835https://bugzilla.redhat.com/show_bug.cgi?id=1980453https://forum.suricata.io/t/suricata-6-0-3-and-5-0-7-released/1489https://github.com/OISF/suricata/releaseshttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JU27J2ZYG6FBDL5CERE6FBB4ZFGHOROE/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XEP7PWY4LRT2R4MFLV7JIJRYZEZ7RQFL/https://security-tracker.debian.org/tracker/CVE-2021-35063https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990835https://bugzilla.redhat.com/show_bug.cgi?id=1980453https://forum.suricata.io/t/suricata-6-0-3-and-5-0-7-released/1489https://github.com/OISF/suricata/releaseshttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JU27J2ZYG6FBDL5CERE6FBB4ZFGHOROE/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XEP7PWY4LRT2R4MFLV7JIJRYZEZ7RQFL/https://security-tracker.debian.org/tracker/CVE-2021-35063
2021-07-22
Published