CVE-2023-35852
published 2023-06-19
CVE-2023-35852: In Suricata before 6.0.13 (when there is an adversary who controls an external source of rules), a dataset filename, that comes from a rule, may trigger…
Priority P3 · 41 · high · CVSS 3.1: 7.5
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS: 1.10% (61.7th percentile)
In Suricata before 6.0.13 (when there is an adversary who controls an external source of rules), a dataset filename, that comes from a rule, may trigger absolute or relative directory traversal, and lead to write access to a local filesystem. This is addressed in 6.0.13 by requiring allow-absolute-filenames and allow-write (in the datasets rules configuration section) if an installation requires traversal/writing in this situation.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | suricata | < suricata 1:6.0.1-3+deb11u1 (bullseye) | suricata 1:6.0.1-3+deb11u1 (bullseye) |
| oisf | suricata | < 6.0.13 | 6.0.13 |
| oisf | suricata | >= 0 < 1:6.0.1-3+deb11u1 | 1:6.0.1-3+deb11u1 |
| oisf | suricata | >= 0 < 1:6.0.13-1 | 1:6.0.13-1 |
| oisf | suricata | >= 0 < 1:6.0.13-1 | 1:6.0.13-1 |
CVSS provenance
nvd · v3.1 · 7.5 · HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
osv · 7.5 · HIGH
vendor_debian · 7.5 · HIGH
Debian
CVE-2023-35852: suricata - In Suricata before 6.0.13 (when there is an adversary who controls an external s...
vendor_debian·2023·CVSS 7.5
CVE-2023-35852 [HIGH] CVE-2023-35852: suricata - In Suricata before 6.0.13 (when there is an adversary who controls an external s...
Scope: local
bookworm: open
bullseye: resolved (fixed in 1:6.0.1-3+deb11u1)
forky: resolved (fixed in 1:6.0.13-1)
sid: resolved (fixed in 1:6.0.13-1)
trixie: resolved (fixed in 1:6.0.13-1)
GHSA
GHSA-747h-x2cf-7vm7: In Suricata before 6
ghsa_unreviewed·2023-06-19
CVE-2023-35852 [HIGH] CWE-22 GHSA-747h-x2cf-7vm7: In Suricata before 6
OSV
CVE-2023-35852: In Suricata before 6
osv·2023-06-19·CVSS 7.5
CVE-2023-35852 [HIGH] CVE-2023-35852: In Suricata before 6
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/OISF/suricata/commit/735f5aa9ca3b28cfacc7a443f93a44387fbacf17
https://github.com/OISF/suricata/commit/aee1523b4591430ebed1ded0bb95508e6717a335
https://github.com/OISF/suricata/compare/suricata-6.0.12...suricata-6.0.13
https://www.stamus-networks.com/stamus-labs
https://lists.debian.org/debian-lts-announce/2025/03/msg00029.html
Published: 2023-06-19