CVE-2023-35852

{"id": "CVE-2023-35852", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2023-06-19T04:15:11.217", "references": [{"url": "https://github.com/OISF/suricata/commit/735f5aa9ca3b28cfacc7a443f93a44387fbacf17", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "https://github.com/OISF/suricata/commit/aee1523b4591430ebed1ded0bb95508e6717a335", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "https://github.com/OISF/suricata/compare/suricata-6.0.12...suricata-6.0.13", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.stamus-networks.com/stamus-labs", "tags": ["Not Applicable"], "source": "cve@mitre.org"}, {"url": "https://github.com/OISF/suricata/commit/735f5aa9ca3b28cfacc7a443f93a44387fbacf17", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/OISF/suricata/commit/aee1523b4591430ebed1ded0bb95508e6717a335", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/OISF/suricata/compare/suricata-6.0.12...suricata-6.0.13", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00029.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.stamus-networks.com/stamus-labs", "tags": ["Not Applicable"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "In Suricata before 6.0.13 (when there is an adversary who controls an external source of rules), a dataset filename, that comes from a rule, may trigger absolute or relative directory traversal, and lead to write access to a local filesystem. This is addressed in 6.0.13 by requiring allow-absolute-filenames and allow-write (in the datasets rules configuration section) if an installation requires traversal/writing in this situation."}, {"lang": "es", "value": "En Suricata antes de la versi\u00f3n 6.0.13 (cuando hay un adversario que controla una fuente externa de reglas), un nombre de archivo de conjunto de datos, que proviene de una regla, puede desencadenar el salto de directorios absolutos o relativos, y conducir al acceso de escritura a un sistema de archivos local. Esto se soluciona en 6.0.13 requiriendo \"allow-absolute-filenames\" y \"allow-write\" (en la secci\u00f3n de configuraci\u00f3n de reglas de conjuntos de datos) si una instalaci\u00f3n requiere saltar/escribir en esta situaci\u00f3n. "}], "lastModified": "2025-11-03T20:16:01.437", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1FDDE2F7-D633-4FBC-8EE1-6145A82AC02F", "versionEndExcluding": "6.0.13"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}