All the vulnerabilities related to OISF - suricata
cve-2024-24568
Vulnerability from cvelistv5
Published
2024-02-26 15:54
Modified
2024-08-26 14:36
Summary
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.3, the rules inspecting HTTP2 headers can get bypassed by crafted traffic. The vulnerability has been patched in 7.0.3.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T23:19:52.827Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/OISF/suricata/security/advisories/GHSA-gv29-5hqw-5h8c", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/OISF/suricata/security/advisories/GHSA-gv29-5hqw-5h8c" }, { "name": "https://github.com/OISF/suricata/commit/478a2a38f54e2ae235f8486bff87d7d66b6307f0", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/OISF/suricata/commit/478a2a38f54e2ae235f8486bff87d7d66b6307f0" }, { "name": "https://redmine.openinfosecfoundation.org/issues/6717", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://redmine.openinfosecfoundation.org/issues/6717" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GOCOBFUTIFHOP2PZOH4ENRFXRBHIRKK4/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXJIT7R53ZXROO3I256RFUWTIW4ECK6P/" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "suricata", "vendor": "oisf", "versions": [ { "lessThan": "7.0.3", "status": "affected", "version": "7.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "fedora", "vendor": "fedoraproject", "versions": [ { "status": "affected", "version": "38" } ] }, { "cpes": [ "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "fedora", "vendor": "fedoraproject", "versions": [ { "status": "affected", "version": "39" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-24568", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { 
"Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-03-07T20:18:31.069822Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-26T14:36:16.968Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "suricata", "vendor": "OISF", "versions": [ { "status": "affected", "version": "\u003e= 7.0.0, \u003c 7.0.3" } ] } ], "descriptions": [ { "lang": "en", "value": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.3, the rules inspecting HTTP2 headers can get bypassed by crafted traffic. The vulnerability has been patched in 7.0.3." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-284", "description": "CWE-284: Improper Access Control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-02-26T15:54:52.314Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/OISF/suricata/security/advisories/GHSA-gv29-5hqw-5h8c", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/OISF/suricata/security/advisories/GHSA-gv29-5hqw-5h8c" }, { "name": "https://github.com/OISF/suricata/commit/478a2a38f54e2ae235f8486bff87d7d66b6307f0", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/OISF/suricata/commit/478a2a38f54e2ae235f8486bff87d7d66b6307f0" }, { "name": "https://redmine.openinfosecfoundation.org/issues/6717", "tags": [ "x_refsource_MISC" ], 
"url": "https://redmine.openinfosecfoundation.org/issues/6717" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GOCOBFUTIFHOP2PZOH4ENRFXRBHIRKK4/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXJIT7R53ZXROO3I256RFUWTIW4ECK6P/" } ], "source": { "advisory": "GHSA-gv29-5hqw-5h8c", "discovery": "UNKNOWN" }, "title": "Suricata http2: header handling evasion" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-24568", "datePublished": "2024-02-26T15:54:52.314Z", "dateReserved": "2024-01-25T15:09:40.210Z", "dateUpdated": "2024-08-26T14:36:16.968Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-23839
Vulnerability from cvelistv5
Published
2024-02-26 15:48
Modified
2024-08-15 19:30
Summary
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.3, specially crafted traffic can cause a heap use after free if the ruleset uses the http.request_header or http.response_header keyword. The vulnerability has been patched in 7.0.3. To work around the vulnerability, avoid the http.request_header and http.response_header keywords.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T23:13:08.247Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/OISF/suricata/security/advisories/GHSA-qxj6-hr2p-mmc7", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/OISF/suricata/security/advisories/GHSA-qxj6-hr2p-mmc7" }, { "name": "https://github.com/OISF/suricata/commit/cd731fcaf42e5f7078c9be643bfa0cee2ad53e8f", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/OISF/suricata/commit/cd731fcaf42e5f7078c9be643bfa0cee2ad53e8f" }, { "name": "https://redmine.openinfosecfoundation.org/issues/6657", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://redmine.openinfosecfoundation.org/issues/6657" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GOCOBFUTIFHOP2PZOH4ENRFXRBHIRKK4/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXJIT7R53ZXROO3I256RFUWTIW4ECK6P/" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "suricata", "vendor": "oisf", "versions": [ { "lessThan": "7.0.3", "status": "affected", "version": "7.0.0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-23839", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-03-07T14:59:23.872531Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-15T19:30:14.320Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "suricata", "vendor": "OISF", "versions": [ { 
"status": "affected", "version": "\u003e= 7.0.0, \u003c 7.0.3" } ] } ], "descriptions": [ { "lang": "en", "value": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.3, specially crafted traffic can cause a heap use after free if the ruleset uses the http.request_header or http.response_header keyword. The vulnerability has been patched in 7.0.3. To work around the vulnerability, avoid the http.request_header and http.response_header keywords." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416: Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-02-26T16:00:05.013Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/OISF/suricata/security/advisories/GHSA-qxj6-hr2p-mmc7", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/OISF/suricata/security/advisories/GHSA-qxj6-hr2p-mmc7" }, { "name": "https://github.com/OISF/suricata/commit/cd731fcaf42e5f7078c9be643bfa0cee2ad53e8f", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/OISF/suricata/commit/cd731fcaf42e5f7078c9be643bfa0cee2ad53e8f" }, { "name": "https://redmine.openinfosecfoundation.org/issues/6657", "tags": [ "x_refsource_MISC" ], "url": "https://redmine.openinfosecfoundation.org/issues/6657" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GOCOBFUTIFHOP2PZOH4ENRFXRBHIRKK4/" }, { "url": 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXJIT7R53ZXROO3I256RFUWTIW4ECK6P/" } ], "source": { "advisory": "GHSA-qxj6-hr2p-mmc7", "discovery": "UNKNOWN" }, "title": "Suricata http: heap use after free with http.request_header and http.response_header keywords" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-23839", "datePublished": "2024-02-26T15:48:16.120Z", "dateReserved": "2024-01-22T22:23:54.342Z", "dateUpdated": "2024-08-15T19:30:14.320Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-47522
Vulnerability from cvelistv5
Published
2024-10-16 19:40
Modified
2024-10-16 20:10
Summary
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, invalid ALPN in TLS/QUIC traffic when JA4 matching/logging is enabled can lead to Suricata aborting with a panic. This issue has been addressed in 7.0.7. One may disable ja4 as a workaround.
References
▼ | URL | Tags |
---|---|---|
https://github.com/OISF/suricata/security/advisories/GHSA-w5xv-6586-jpm7 | x_refsource_CONFIRM | |
https://redmine.openinfosecfoundation.org/issues/7267 | x_refsource_MISC |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "suricata", "vendor": "oisf", "versions": [ { "lessThan": "7.0.7", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-47522", "options": [ { "Exploitation": "poc" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-16T20:09:30.525598Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-16T20:10:30.521Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "suricata", "vendor": "OISF", "versions": [ { "status": "affected", "version": "\u003c 7.0.7" } ] } ], "descriptions": [ { "lang": "en", "value": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, invalid ALPN in TLS/QUIC traffic when JA4 matching/logging is enabled can lead to Suricata aborting with a panic. This issue has been addressed in 7.0.7. One may disable ja4 as a workaround." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-617", "description": "CWE-617: Reachable Assertion", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-16T19:40:32.172Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/OISF/suricata/security/advisories/GHSA-w5xv-6586-jpm7", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/OISF/suricata/security/advisories/GHSA-w5xv-6586-jpm7" }, { "name": "https://redmine.openinfosecfoundation.org/issues/7267", "tags": [ "x_refsource_MISC" ], "url": "https://redmine.openinfosecfoundation.org/issues/7267" } ], "source": { "advisory": "GHSA-w5xv-6586-jpm7", "discovery": "UNKNOWN" }, "title": "Suricata ja4: invalid alpn leads to panic" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-47522", "datePublished": "2024-10-16T19:40:32.172Z", "dateReserved": "2024-09-25T21:46:10.928Z", "dateUpdated": "2024-10-16T20:10:30.521Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-38536
Vulnerability from cvelistv5
Published
2024-07-11 14:54
Modified
2024-08-02 04:12
Summary
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. A memory allocation failure due to `http.memcap` being reached leads to a NULL pointer dereference and a crash. Upgrade to 7.0.6.
References
▼ | URL | Tags |
---|---|---|
https://github.com/OISF/suricata/security/advisories/GHSA-j32j-4w6g-94hh | x_refsource_CONFIRM | |
https://redmine.openinfosecfoundation.org/issues/7029 | x_refsource_MISC | |
https://redmine.openinfosecfoundation.org/issues/7033 | x_refsource_MISC |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:oisf:suricata:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "suricata", "vendor": "oisf", "versions": [ { "lessThan": "7.0.6", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-38536", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-07-11T18:00:51.819723Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-11T18:02:36.954Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T04:12:25.271Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/OISF/suricata/security/advisories/GHSA-j32j-4w6g-94hh", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/OISF/suricata/security/advisories/GHSA-j32j-4w6g-94hh" }, { "name": "https://redmine.openinfosecfoundation.org/issues/7029", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://redmine.openinfosecfoundation.org/issues/7029" }, { "name": "https://redmine.openinfosecfoundation.org/issues/7033", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://redmine.openinfosecfoundation.org/issues/7033" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "suricata", "vendor": "OISF", "versions": [ { "status": "affected", "version": "\u003c 7.0.6" } ] } ], "descriptions": [ { "lang": "en", "value": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. A memory allocation failure due to `http.memcap` being reached leads to a NULL-ptr reference leading to a crash. Upgrade to 7.0.6." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "CWE-476: NULL Pointer Dereference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-11T14:54:32.547Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/OISF/suricata/security/advisories/GHSA-j32j-4w6g-94hh", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/OISF/suricata/security/advisories/GHSA-j32j-4w6g-94hh" }, { "name": "https://redmine.openinfosecfoundation.org/issues/7029", "tags": [ "x_refsource_MISC" ], "url": "https://redmine.openinfosecfoundation.org/issues/7029" }, { "name": "https://redmine.openinfosecfoundation.org/issues/7033", "tags": [ "x_refsource_MISC" ], "url": "https://redmine.openinfosecfoundation.org/issues/7033" } ], "source": { "advisory": "GHSA-j32j-4w6g-94hh", "discovery": "UNKNOWN" }, "title": "Suricata http/range: NULL-ptr deref when http.memcap is reached" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-38536", "datePublished": "2024-07-11T14:54:32.547Z", "dateReserved": "2024-06-18T16:37:02.729Z", "dateUpdated": "2024-08-02T04:12:25.271Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-18792
Vulnerability from cvelistv5
Published
2020-01-06 17:52
Modified
2024-08-05 02:02
Summary
An issue was discovered in Suricata 5.0.0. It is possible to bypass/evade any TCP-based signature by overlapping a TCP segment with a fake FIN packet. The fake FIN packet is injected just before the PUSH ACK packet we want to bypass. The PUSH ACK packet (containing the data) will be ignored by Suricata because it overlaps the FIN packet (the sequence and ACK numbers are identical in the two packets). The client will ignore the fake FIN packet because the ACK flag is not set. Both Linux and Windows clients ignore the injected packet.
References
▼ | URL | Tags |
---|---|---|
https://redmine.openinfosecfoundation.org/issues/3324 | x_refsource_MISC | |
https://github.com/OISF/suricata/commit/fa692df37a796c3330c81988d15ef1a219afc006 | x_refsource_CONFIRM | |
https://redmine.openinfosecfoundation.org/issues/3394 | x_refsource_MISC | |
https://github.com/OISF/suricata/commit/1c63d3905852f746ccde7e2585600b2199cefb4b | x_refsource_CONFIRM | |
https://lists.debian.org/debian-lts-announce/2020/01/msg00032.html | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T02:02:39.647Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://redmine.openinfosecfoundation.org/issues/3324" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/OISF/suricata/commit/fa692df37a796c3330c81988d15ef1a219afc006" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://redmine.openinfosecfoundation.org/issues/3394" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/OISF/suricata/commit/1c63d3905852f746ccde7e2585600b2199cefb4b" }, { "name": "[debian-lts-announce] 20200130 [SECURITY] [DLA 2087-1] suricata security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00032.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2019-11-21T00:00:00", "descriptions": [ { "lang": "en", "value": "An issue was discovered in Suricata 5.0.0. It is possible to bypass/evade any tcp based signature by overlapping a TCP segment with a fake FIN packet. The fake FIN packet is injected just before the PUSH ACK packet we want to bypass. The PUSH ACK packet (containing the data) will be ignored by Suricata because it overlaps the FIN packet (the sequence and ack number are identical in the two packets). The client will ignore the fake FIN packet because the ACK flag is not set. Both linux and windows clients are ignoring the injected packet." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-01-30T17:06:09", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://redmine.openinfosecfoundation.org/issues/3324" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/OISF/suricata/commit/fa692df37a796c3330c81988d15ef1a219afc006" }, { "tags": [ "x_refsource_MISC" ], "url": "https://redmine.openinfosecfoundation.org/issues/3394" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/OISF/suricata/commit/1c63d3905852f746ccde7e2585600b2199cefb4b" }, { "name": "[debian-lts-announce] 20200130 [SECURITY] [DLA 2087-1] suricata security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00032.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-18792", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in Suricata 5.0.0. It is possible to bypass/evade any tcp based signature by overlapping a TCP segment with a fake FIN packet. The fake FIN packet is injected just before the PUSH ACK packet we want to bypass. The PUSH ACK packet (containing the data) will be ignored by Suricata because it overlaps the FIN packet (the sequence and ack number are identical in the two packets). The client will ignore the fake FIN packet because the ACK flag is not set. Both linux and windows clients are ignoring the injected packet." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://redmine.openinfosecfoundation.org/issues/3324", "refsource": "MISC", "url": "https://redmine.openinfosecfoundation.org/issues/3324" }, { "name": "https://github.com/OISF/suricata/commit/fa692df37a796c3330c81988d15ef1a219afc006", "refsource": "CONFIRM", "url": "https://github.com/OISF/suricata/commit/fa692df37a796c3330c81988d15ef1a219afc006" }, { "name": "https://redmine.openinfosecfoundation.org/issues/3394", "refsource": "MISC", "url": "https://redmine.openinfosecfoundation.org/issues/3394" }, { "name": "https://github.com/OISF/suricata/commit/1c63d3905852f746ccde7e2585600b2199cefb4b", "refsource": "CONFIRM", "url": "https://github.com/OISF/suricata/commit/1c63d3905852f746ccde7e2585600b2199cefb4b" }, { "name": "[debian-lts-announce] 20200130 [SECURITY] [DLA 2087-1] suricata security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00032.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-18792", "datePublished": "2020-01-06T17:52:54", "dateReserved": "2019-11-06T00:00:00", "dateUpdated": "2024-08-05T02:02:39.647Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-1010279
Vulnerability from cvelistv5
Published
2019-07-18 18:07
Modified
2024-08-05 03:07
Summary
Open Information Security Foundation Suricata prior to version 4.1.3 is affected by: Denial of Service - TCP/HTTP detection bypass. The impact is: An attacker can evade a signature detection with a specially formed sequence of network packets. The component is: detect.c (https://github.com/OISF/suricata/pull/3625/commits/d8634daf74c882356659addb65fb142b738a186b). The attack vector is: An attacker can trigger the vulnerability by a specifically crafted network TCP session. The fixed version is: 4.1.3.
References
▼ | URL | Tags |
---|---|---|
https://redmine.openinfosecfoundation.org/issues/2770 | x_refsource_MISC | |
https://github.com/OISF/suricata/pull/3625 | x_refsource_MISC | |
https://github.com/OISF/suricata/pull/3625/commits/d8634daf74c882356659addb65fb142b738a186b | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Open Information Security Foundation | Suricata |
Version: prior to version 4.1.3 [fixed: 4.1.3] |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T03:07:18.512Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://redmine.openinfosecfoundation.org/issues/2770" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/OISF/suricata/pull/3625" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/OISF/suricata/pull/3625/commits/d8634daf74c882356659addb65fb142b738a186b" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Suricata", "vendor": "Open Information Security Foundation", "versions": [ { "status": "affected", "version": "prior to version 4.1.3 [fixed: 4.1.3]" } ] } ], "descriptions": [ { "lang": "en", "value": "Open Information Security Foundation Suricata prior to version 4.1.3 is affected by: Denial of Service - TCP/HTTP detection bypass. The impact is: An attacker can evade a signature detection with a specialy formed sequence of network packets. The component is: detect.c (https://github.com/OISF/suricata/pull/3625/commits/d8634daf74c882356659addb65fb142b738a186b). The attack vector is: An attacker can trigger the vulnerability by a specifically crafted network TCP session. The fixed version is: 4.1.3." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service - TCP/HTTP detection bypass", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-07-18T18:07:29", "orgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8", "shortName": "dwf" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://redmine.openinfosecfoundation.org/issues/2770" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/OISF/suricata/pull/3625" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/OISF/suricata/pull/3625/commits/d8634daf74c882356659addb65fb142b738a186b" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve-assign@distributedweaknessfiling.org", "ID": "CVE-2019-1010279", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Suricata", "version": { "version_data": [ { "version_value": "prior to version 4.1.3 [fixed: 4.1.3]" } ] } } ] }, "vendor_name": "Open Information Security Foundation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Open Information Security Foundation Suricata prior to version 4.1.3 is affected by: Denial of Service - TCP/HTTP detection bypass. The impact is: An attacker can evade a signature detection with a specialy formed sequence of network packets. The component is: detect.c (https://github.com/OISF/suricata/pull/3625/commits/d8634daf74c882356659addb65fb142b738a186b). The attack vector is: An attacker can trigger the vulnerability by a specifically crafted network TCP session. The fixed version is: 4.1.3." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service - TCP/HTTP detection bypass" } ] } ] }, "references": { "reference_data": [ { "name": "https://redmine.openinfosecfoundation.org/issues/2770", "refsource": "MISC", "url": "https://redmine.openinfosecfoundation.org/issues/2770" }, { "name": "https://github.com/OISF/suricata/pull/3625", "refsource": "MISC", "url": "https://github.com/OISF/suricata/pull/3625" }, { "name": "https://github.com/OISF/suricata/pull/3625/commits/d8634daf74c882356659addb65fb142b738a186b", "refsource": "MISC", "url": "https://github.com/OISF/suricata/pull/3625/commits/d8634daf74c882356659addb65fb142b738a186b" } ] } } } }, "cveMetadata": { "assignerOrgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8", "assignerShortName": "dwf", "cveId": "CVE-2019-1010279", "datePublished": "2019-07-18T18:07:29", "dateReserved": "2019-03-20T00:00:00", "dateUpdated": "2024-08-05T03:07:18.512Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-37151
Vulnerability from cvelistv5
Published
2024-07-11 14:39
Modified
2024-08-02 03:50
Summary
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine.
Mishandling of multiple fragmented packets using the same IP ID value can lead to packet reassembly failure, which can lead to policy bypass. Upgrade to 7.0.6 or 6.0.20. When using af-packet, enable `defrag` to reduce the scope of the problem.
References
▼ | URL | Tags |
---|---|---|
https://github.com/OISF/suricata/security/advisories/GHSA-qrp7-g66m-px24 | x_refsource_CONFIRM | |
https://github.com/OISF/suricata/commit/9d5c4273cb7e5ca65f195f7361f0d848c85180e0 | x_refsource_MISC | |
https://github.com/OISF/suricata/commit/aab7f35c76721df19403a7c0c0025feae12f3b6b | x_refsource_MISC | |
https://redmine.openinfosecfoundation.org/issues/7041 | x_refsource_MISC | |
https://redmine.openinfosecfoundation.org/issues/7042 | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:oisf:suricata:6.0.0:-:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "suricata", "vendor": "oisf", "versions": [ { "lessThan": "6.0.20", "status": "affected", "version": "6.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:oisf:suricata:7.0.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "suricata", "vendor": "oisf", "versions": [ { "lessThan": "7.0.6", "status": "affected", "version": "7.0.0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-37151", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-11T15:59:30.704290Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-12T15:51:20.755Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:50:54.763Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/OISF/suricata/security/advisories/GHSA-qrp7-g66m-px24", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/OISF/suricata/security/advisories/GHSA-qrp7-g66m-px24" }, { "name": "https://github.com/OISF/suricata/commit/9d5c4273cb7e5ca65f195f7361f0d848c85180e0", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/OISF/suricata/commit/9d5c4273cb7e5ca65f195f7361f0d848c85180e0" }, { "name": "https://github.com/OISF/suricata/commit/aab7f35c76721df19403a7c0c0025feae12f3b6b", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/OISF/suricata/commit/aab7f35c76721df19403a7c0c0025feae12f3b6b" }, { "name": "https://redmine.openinfosecfoundation.org/issues/7041", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": 
"https://redmine.openinfosecfoundation.org/issues/7041" }, { "name": "https://redmine.openinfosecfoundation.org/issues/7042", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://redmine.openinfosecfoundation.org/issues/7042" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "suricata", "vendor": "OISF", "versions": [ { "status": "affected", "version": "\u003e= 6.0.0, \u003c 6.0.20" }, { "status": "affected", "version": "\u003e= 7.0.0,\u003c 7.0.6" } ] } ], "descriptions": [ { "lang": "en", "value": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. \nMishandling of multiple fragmented packets using the same IP ID value can lead to packet reassembly failure, which can lead to policy bypass. Upgrade to 7.0.6 or 6.0.20. When using af-packet, enable `defrag` to reduce the scope of the problem." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-754", "description": "CWE-754: Improper Check for Unusual or Exceptional Conditions", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-11T14:39:32.766Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/OISF/suricata/security/advisories/GHSA-qrp7-g66m-px24", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/OISF/suricata/security/advisories/GHSA-qrp7-g66m-px24" }, { "name": "https://github.com/OISF/suricata/commit/9d5c4273cb7e5ca65f195f7361f0d848c85180e0", "tags": [ "x_refsource_MISC" ], "url": 
"https://github.com/OISF/suricata/commit/9d5c4273cb7e5ca65f195f7361f0d848c85180e0" }, { "name": "https://github.com/OISF/suricata/commit/aab7f35c76721df19403a7c0c0025feae12f3b6b", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/OISF/suricata/commit/aab7f35c76721df19403a7c0c0025feae12f3b6b" }, { "name": "https://redmine.openinfosecfoundation.org/issues/7041", "tags": [ "x_refsource_MISC" ], "url": "https://redmine.openinfosecfoundation.org/issues/7041" }, { "name": "https://redmine.openinfosecfoundation.org/issues/7042", "tags": [ "x_refsource_MISC" ], "url": "https://redmine.openinfosecfoundation.org/issues/7042" } ], "source": { "advisory": "GHSA-qrp7-g66m-px24", "discovery": "UNKNOWN" }, "title": "Suricata defrag: IP ID reuse can lead to policy bypass" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-37151", "datePublished": "2024-07-11T14:39:32.766Z", "dateReserved": "2024-06-03T17:29:38.328Z", "dateUpdated": "2024-08-02T03:50:54.763Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-35063
Vulnerability from cvelistv5
Published
2021-07-22 17:01
Modified
2024-08-04 00:33
Summary
Suricata before 5.0.7 and 6.x before 6.0.3 has a "critical evasion."
References
▼ | URL | Tags |
---|---|---|
https://github.com/OISF/suricata/releases | x_refsource_MISC | |
https://forum.suricata.io/t/suricata-6-0-3-and-5-0-7-released/1489 | x_refsource_CONFIRM | |
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990835 | x_refsource_MISC | |
https://security-tracker.debian.org/tracker/CVE-2021-35063 | x_refsource_MISC | |
https://bugzilla.redhat.com/show_bug.cgi?id=1980453 | x_refsource_MISC | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XEP7PWY4LRT2R4MFLV7JIJRYZEZ7RQFL/ | vendor-advisory, x_refsource_FEDORA | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JU27J2ZYG6FBDL5CERE6FBB4ZFGHOROE/ | vendor-advisory, x_refsource_FEDORA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T00:33:50.628Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/OISF/suricata/releases" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://forum.suricata.io/t/suricata-6-0-3-and-5-0-7-released/1489" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990835" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://security-tracker.debian.org/tracker/CVE-2021-35063" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1980453" }, { "name": "FEDORA-2021-ad5883c848", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XEP7PWY4LRT2R4MFLV7JIJRYZEZ7RQFL/" }, { "name": "FEDORA-2021-c7fd9e9126", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JU27J2ZYG6FBDL5CERE6FBB4ZFGHOROE/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Suricata before 5.0.7 and 6.x before 6.0.3 has a \"critical evasion.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-11-28T02:06:13", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/OISF/suricata/releases" }, { "tags": [ "x_refsource_CONFIRM" ], "url": 
"https://forum.suricata.io/t/suricata-6-0-3-and-5-0-7-released/1489" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990835" }, { "tags": [ "x_refsource_MISC" ], "url": "https://security-tracker.debian.org/tracker/CVE-2021-35063" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1980453" }, { "name": "FEDORA-2021-ad5883c848", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XEP7PWY4LRT2R4MFLV7JIJRYZEZ7RQFL/" }, { "name": "FEDORA-2021-c7fd9e9126", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JU27J2ZYG6FBDL5CERE6FBB4ZFGHOROE/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-35063", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Suricata before 5.0.7 and 6.x before 6.0.3 has a \"critical evasion.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/OISF/suricata/releases", "refsource": "MISC", "url": "https://github.com/OISF/suricata/releases" }, { "name": "https://forum.suricata.io/t/suricata-6-0-3-and-5-0-7-released/1489", "refsource": "CONFIRM", "url": "https://forum.suricata.io/t/suricata-6-0-3-and-5-0-7-released/1489" }, { "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990835", "refsource": "MISC", "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990835" }, { "name": 
"https://security-tracker.debian.org/tracker/CVE-2021-35063", "refsource": "MISC", "url": "https://security-tracker.debian.org/tracker/CVE-2021-35063" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1980453", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1980453" }, { "name": "FEDORA-2021-ad5883c848", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XEP7PWY4LRT2R4MFLV7JIJRYZEZ7RQFL/" }, { "name": "FEDORA-2021-c7fd9e9126", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JU27J2ZYG6FBDL5CERE6FBB4ZFGHOROE/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-35063", "datePublished": "2021-07-22T17:01:40", "dateReserved": "2021-06-21T00:00:00", "dateUpdated": "2024-08-04T00:33:50.628Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-45098
Vulnerability from cvelistv5
Published
2021-12-16 04:07
Modified
2024-08-04 04:32
Summary
An issue was discovered in Suricata before 6.0.4. It is possible to bypass/evade any HTTP-based signature by faking, from the client side, a TCP RST packet that carries a random TCP MD5 header option (md5header). After the three-way handshake, it's possible to inject an RST ACK with a random TCP md5header option. Then, the client can send an HTTP GET request with a forbidden URL. The server will ignore the RST ACK and send the response HTTP packet for the client's request. The evasion appears to rely on the sensor and the server disagreeing about that RST: Suricata seemingly treats the connection as reset while the server keeps it open. These packets will not trigger a Suricata reject action.
References
▼ | URL | Tags |
---|---|---|
https://github.com/OISF/suricata/releases | x_refsource_MISC | |
https://redmine.openinfosecfoundation.org/issues/4710 | x_refsource_MISC | |
https://forum.suricata.io/t/suricata-6-0-4-and-5-0-8-released/1942 | x_refsource_MISC | |
https://github.com/OISF/suricata/commit/50e2b973eeec7172991bf8f544ab06fb782b97df | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T04:32:13.665Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/OISF/suricata/releases" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://redmine.openinfosecfoundation.org/issues/4710" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://forum.suricata.io/t/suricata-6-0-4-and-5-0-8-released/1942" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/OISF/suricata/commit/50e2b973eeec7172991bf8f544ab06fb782b97df" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Suricata before 6.0.4. It is possible to bypass/evade any HTTP-based signature by faking an RST TCP packet with random TCP options of the md5header from the client side. After the three-way handshake, it\u0027s possible to inject an RST ACK with a random TCP md5header option. Then, the client can send an HTTP GET request with a forbidden URL. The server will ignore the RST ACK and send the response HTTP packet for the client\u0027s request. These packets will not trigger a Suricata reject action." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-12-16T04:07:57", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/OISF/suricata/releases" }, { "tags": [ "x_refsource_MISC" ], "url": "https://redmine.openinfosecfoundation.org/issues/4710" }, { "tags": [ "x_refsource_MISC" ], "url": "https://forum.suricata.io/t/suricata-6-0-4-and-5-0-8-released/1942" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/OISF/suricata/commit/50e2b973eeec7172991bf8f544ab06fb782b97df" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-45098", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in Suricata before 6.0.4. It is possible to bypass/evade any HTTP-based signature by faking an RST TCP packet with random TCP options of the md5header from the client side. After the three-way handshake, it\u0027s possible to inject an RST ACK with a random TCP md5header option. Then, the client can send an HTTP GET request with a forbidden URL. The server will ignore the RST ACK and send the response HTTP packet for the client\u0027s request. These packets will not trigger a Suricata reject action." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/OISF/suricata/releases", "refsource": "MISC", "url": "https://github.com/OISF/suricata/releases" }, { "name": "https://redmine.openinfosecfoundation.org/issues/4710", "refsource": "MISC", "url": "https://redmine.openinfosecfoundation.org/issues/4710" }, { "name": "https://forum.suricata.io/t/suricata-6-0-4-and-5-0-8-released/1942", "refsource": "MISC", "url": "https://forum.suricata.io/t/suricata-6-0-4-and-5-0-8-released/1942" }, { "name": "https://github.com/OISF/suricata/commit/50e2b973eeec7172991bf8f544ab06fb782b97df", "refsource": "MISC", "url": "https://github.com/OISF/suricata/commit/50e2b973eeec7172991bf8f544ab06fb782b97df" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-45098", "datePublished": "2021-12-16T04:07:57", "dateReserved": "2021-12-16T00:00:00", "dateUpdated": "2024-08-04T04:32:13.665Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-10244
Vulnerability from cvelistv5
Published
2019-04-04 15:04
Modified
2024-08-05 07:32
Summary
Suricata version 4.0.4 incorrectly handles the parsing of an EtherNet/IP PDU. A malformed PDU can cause the parsing code to read beyond the allocated data because DecodeENIPPDU in app-layer-enip-common.c has an integer overflow during a length check.
References
▼ | URL | Tags |
---|---|---|
https://suricata-ids.org/2018/07/18/suricata-4-0-5-available/ | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:32:01.718Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://suricata-ids.org/2018/07/18/suricata-4-0-5-available/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-07-18T00:00:00", "descriptions": [ { "lang": "en", "value": "Suricata version 4.0.4 incorrectly handles the parsing of an EtherNet/IP PDU. A malformed PDU can cause the parsing code to read beyond the allocated data because DecodeENIPPDU in app-layer-enip-commmon.c has an integer overflow during a length check." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-04-04T15:04:13", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://suricata-ids.org/2018/07/18/suricata-4-0-5-available/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-10244", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Suricata version 4.0.4 incorrectly handles the parsing of an EtherNet/IP PDU. A malformed PDU can cause the parsing code to read beyond the allocated data because DecodeENIPPDU in app-layer-enip-commmon.c has an integer overflow during a length check." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://suricata-ids.org/2018/07/18/suricata-4-0-5-available/", "refsource": "CONFIRM", "url": "https://suricata-ids.org/2018/07/18/suricata-4-0-5-available/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-10244", "datePublished": "2019-04-04T15:04:13", "dateReserved": "2018-04-20T00:00:00", "dateUpdated": "2024-08-05T07:32:01.718Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-47187
Vulnerability from cvelistv5
Published
2024-10-16 18:50
Modified
2024-10-16 19:40
Summary
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, missing initialization of the random seed for "thash" leads to datasets having predictable hash table behavior. This can cause dataset file loading to take excessive time, and can cause runtime performance issues during traffic handling. This issue has been addressed in 7.0.7. As a workaround, avoid loading datasets from untrusted sources. Avoid dataset rules that track traffic in rules.
References
▼ | URL | Tags |
---|---|---|
https://github.com/OISF/suricata/security/advisories/GHSA-64ww-4f6x-863p | x_refsource_CONFIRM | |
https://redmine.openinfosecfoundation.org/issues/7209 | x_refsource_MISC |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-47187", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-16T19:39:21.481679Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-16T19:40:34.303Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "suricata", "vendor": "OISF", "versions": [ { "status": "affected", "version": "\u003c 7.0.7" } ] } ], "descriptions": [ { "lang": "en", "value": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, missing initialization of the random seed for \"thash\" leads to datasets having predictable hash table behavior. This can lead to dataset file loading to use excessive time to load, as well as runtime performance issues during traffic handling. This issue has been addressed in 7.0.7. As a workaround, avoid loading datasets from untrusted sources. Avoid dataset rules that track traffic in rules." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-330", "description": "CWE-330: Use of Insufficiently Random Values", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-16T18:50:53.726Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/OISF/suricata/security/advisories/GHSA-64ww-4f6x-863p", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/OISF/suricata/security/advisories/GHSA-64ww-4f6x-863p" }, { "name": "https://redmine.openinfosecfoundation.org/issues/7209", "tags": [ "x_refsource_MISC" ], "url": "https://redmine.openinfosecfoundation.org/issues/7209" } ], "source": { "advisory": "GHSA-64ww-4f6x-863p", "discovery": "UNKNOWN" }, "title": "Suricata datasets: missing hashtable random seed leads to potential DoS" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-47187", "datePublished": "2024-10-16T18:50:53.726Z", "dateReserved": "2024-09-19T22:32:11.963Z", "dateUpdated": "2024-10-16T19:40:34.303Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-1010251
Vulnerability from cvelistv5
Published
2019-07-18 17:48
Modified
2024-08-05 03:07
Summary
Open Information Security Foundation Suricata prior to version 4.1.2 is affected by: Denial of Service - DNS detection bypass. The impact is: An attacker can evade a signature detection with a specially formed network packet. The component is: app-layer-detect-proto.c, decode.c, decode-teredo.c and decode-ipv6.c (https://github.com/OISF/suricata/pull/3590/commits/11f3659f64a4e42e90cb3c09fcef66894205aefe, https://github.com/OISF/suricata/pull/3590/commits/8357ef3f8ffc7d99ef6571350724160de356158b). The attack vector is: An attacker can trigger the vulnerability by sending a specifically crafted network request. The fixed version is: 4.1.2.
References
▼ | URL | Tags |
---|---|---|
https://redmine.openinfosecfoundation.org/issues/2736 | x_refsource_MISC | |
https://github.com/OISF/suricata/pull/3590/commits/11f3659f64a4e42e90cb3c09fcef66894205aefe | x_refsource_MISC | |
https://github.com/OISF/suricata/pull/3590/commits/8357ef3f8ffc7d99ef6571350724160de356158b | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Open Information Security Foundation | Suricata |
Version: prior to version 4.1.2 [fixed: 4.1.2] |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T03:07:18.385Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://redmine.openinfosecfoundation.org/issues/2736" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/OISF/suricata/pull/3590/commits/11f3659f64a4e42e90cb3c09fcef66894205aefe" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/OISF/suricata/pull/3590/commits/8357ef3f8ffc7d99ef6571350724160de356158b" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Suricata", "vendor": "Open Information Security Foundation", "versions": [ { "status": "affected", "version": "prior to version 4.1.2 [fixed: 4.1.2]" } ] } ], "descriptions": [ { "lang": "en", "value": "Open Information Security Foundation Suricata prior to version 4.1.2 is affected by: Denial of Service - DNS detection bypass. The impact is: An attacker can evade a signature detection with a specialy formed network packet. The component is: app-layer-detect-proto.c, decode.c, decode-teredo.c and decode-ipv6.c (https://github.com/OISF/suricata/pull/3590/commits/11f3659f64a4e42e90cb3c09fcef66894205aefe, https://github.com/OISF/suricata/pull/3590/commits/8357ef3f8ffc7d99ef6571350724160de356158b). The attack vector is: An attacker can trigger the vulnerability by sending a specifically crafted network request. The fixed version is: 4.1.2." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service - DNS detection bypass", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-07-18T17:48:48", "orgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8", "shortName": "dwf" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://redmine.openinfosecfoundation.org/issues/2736" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/OISF/suricata/pull/3590/commits/11f3659f64a4e42e90cb3c09fcef66894205aefe" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/OISF/suricata/pull/3590/commits/8357ef3f8ffc7d99ef6571350724160de356158b" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve-assign@distributedweaknessfiling.org", "ID": "CVE-2019-1010251", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Suricata", "version": { "version_data": [ { "version_value": "prior to version 4.1.2 [fixed: 4.1.2]" } ] } } ] }, "vendor_name": "Open Information Security Foundation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Open Information Security Foundation Suricata prior to version 4.1.2 is affected by: Denial of Service - DNS detection bypass. The impact is: An attacker can evade a signature detection with a specialy formed network packet. The component is: app-layer-detect-proto.c, decode.c, decode-teredo.c and decode-ipv6.c (https://github.com/OISF/suricata/pull/3590/commits/11f3659f64a4e42e90cb3c09fcef66894205aefe, https://github.com/OISF/suricata/pull/3590/commits/8357ef3f8ffc7d99ef6571350724160de356158b). The attack vector is: An attacker can trigger the vulnerability by sending a specifically crafted network request. The fixed version is: 4.1.2." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service - DNS detection bypass" } ] } ] }, "references": { "reference_data": [ { "name": "https://redmine.openinfosecfoundation.org/issues/2736", "refsource": "MISC", "url": "https://redmine.openinfosecfoundation.org/issues/2736" }, { "name": "https://github.com/OISF/suricata/pull/3590/commits/11f3659f64a4e42e90cb3c09fcef66894205aefe", "refsource": "MISC", "url": "https://github.com/OISF/suricata/pull/3590/commits/11f3659f64a4e42e90cb3c09fcef66894205aefe" }, { "name": "https://github.com/OISF/suricata/pull/3590/commits/8357ef3f8ffc7d99ef6571350724160de356158b", "refsource": "MISC", "url": "https://github.com/OISF/suricata/pull/3590/commits/8357ef3f8ffc7d99ef6571350724160de356158b" } ] } } } }, "cveMetadata": { "assignerOrgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8", "assignerShortName": "dwf", "cveId": "CVE-2019-1010251", "datePublished": "2019-07-18T17:48:48", "dateReserved": "2019-03-20T00:00:00", "dateUpdated": "2024-08-05T03:07:18.385Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-23835
Vulnerability from cvelistv5
Published
2024-02-26 15:35
Modified
2024-08-28 16:25
Summary
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.3, excessive memory use during pgsql parsing could lead to OOM-related crashes. This vulnerability is patched in 7.0.3. As a workaround, users can disable the pgsql app layer parser.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T23:13:08.498Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/OISF/suricata/security/advisories/GHSA-8583-353f-mvwc", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/OISF/suricata/security/advisories/GHSA-8583-353f-mvwc" }, { "name": "https://github.com/OISF/suricata/commit/86de7cffa7e8f06fe9d600127e7dabe89c7e81dd", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/OISF/suricata/commit/86de7cffa7e8f06fe9d600127e7dabe89c7e81dd" }, { "name": "https://github.com/OISF/suricata/commit/f52c033e566beafb4480c139eb18662a2870464f", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/OISF/suricata/commit/f52c033e566beafb4480c139eb18662a2870464f" }, { "name": "https://redmine.openinfosecfoundation.org/issues/6411", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://redmine.openinfosecfoundation.org/issues/6411" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GOCOBFUTIFHOP2PZOH4ENRFXRBHIRKK4/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXJIT7R53ZXROO3I256RFUWTIW4ECK6P/" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "suricata", "vendor": "oisf", "versions": [ { "lessThanOrEqual": "7.0.2", "status": "affected", "version": "7.0.0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-23835", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-03-07T18:27:59.524895Z", "version": "2.0.3" }, "type": "ssvc" } } ], 
"providerMetadata": { "dateUpdated": "2024-08-28T16:25:05.631Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "suricata", "vendor": "OISF", "versions": [ { "status": "affected", "version": "\u003e= 7.0.0, \u003c= 7.0.2" } ] } ], "descriptions": [ { "lang": "en", "value": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.3, excessive memory use during pgsql parsing could lead to OOM-related crashes. This vulnerability is patched in 7.0.3. As workaround, users can disable the pgsql app layer parser." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "CWE-400: Uncontrolled Resource Consumption", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-770", "description": "CWE-770: Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-02-26T15:35:07.302Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/OISF/suricata/security/advisories/GHSA-8583-353f-mvwc", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/OISF/suricata/security/advisories/GHSA-8583-353f-mvwc" }, { "name": "https://github.com/OISF/suricata/commit/86de7cffa7e8f06fe9d600127e7dabe89c7e81dd", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/OISF/suricata/commit/86de7cffa7e8f06fe9d600127e7dabe89c7e81dd" }, { "name": 
"https://github.com/OISF/suricata/commit/f52c033e566beafb4480c139eb18662a2870464f", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/OISF/suricata/commit/f52c033e566beafb4480c139eb18662a2870464f" }, { "name": "https://redmine.openinfosecfoundation.org/issues/6411", "tags": [ "x_refsource_MISC" ], "url": "https://redmine.openinfosecfoundation.org/issues/6411" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GOCOBFUTIFHOP2PZOH4ENRFXRBHIRKK4/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXJIT7R53ZXROO3I256RFUWTIW4ECK6P/" } ], "source": { "advisory": "GHSA-8583-353f-mvwc", "discovery": "UNKNOWN" }, "title": "Suricata\u0027s pgsql: memory exhaustion use on record parsing" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-23835", "datePublished": "2024-02-26T15:35:07.302Z", "dateReserved": "2024-01-22T22:23:54.340Z", "dateUpdated": "2024-08-28T16:25:05.631Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-47188
Vulnerability from cvelistv5
Published
2024-10-16 18:58
Modified
2024-10-16 19:38
Summary
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, missing initialization of the random seed for "thash" leads to byte-range tracking having predictable hash table behavior. This can lead to an attacker forcing lots of data into a single hash bucket, leading to severe performance degradation. This issue has been addressed in 7.0.7.
References
▼ | URL | Tags |
---|---|---|
https://github.com/OISF/suricata/security/advisories/GHSA-qq5v-qcjx-f872 | x_refsource_CONFIRM | |
https://redmine.openinfosecfoundation.org/issues/7289 | x_refsource_MISC |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-47188", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-16T19:38:43.339478Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-16T19:38:54.398Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "suricata", "vendor": "OISF", "versions": [ { "status": "affected", "version": "\u003c 7.0.7" } ] } ], "descriptions": [ { "lang": "en", "value": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, missing initialization of the random seed for \"thash\" leads to byte-range tracking having predictable hash table behavior. This can lead to an attacker forcing lots of data into a single hash bucket, leading to severe performance degradation. This issue has been addressed in 7.0.7." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-330", "description": "CWE-330: Use of Insufficiently Random Values", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-16T18:58:11.542Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/OISF/suricata/security/advisories/GHSA-qq5v-qcjx-f872", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/OISF/suricata/security/advisories/GHSA-qq5v-qcjx-f872" }, { "name": "https://redmine.openinfosecfoundation.org/issues/7289", "tags": [ "x_refsource_MISC" ], "url": "https://redmine.openinfosecfoundation.org/issues/7289" } ], "source": { "advisory": "GHSA-qq5v-qcjx-f872", "discovery": "UNKNOWN" }, "title": "Suricata http/byte-ranges: missing hashtable random seed leads to potential DoS" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-47188", "datePublished": "2024-10-16T18:58:11.542Z", "dateReserved": "2024-09-19T22:32:11.964Z", "dateUpdated": "2024-10-16T19:38:54.398Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-23836
Vulnerability from cvelistv5
Published
2024-02-26 15:44
Modified
2024-08-01 23:13
Summary
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to versions 6.0.16 and 7.0.3, an attacker can craft traffic to cause Suricata to use far more CPU and memory for processing the traffic than needed, which can lead to extreme slowdowns and denial of service. This vulnerability is patched in 6.0.16 and 7.0.3. Workarounds include disabling the affected protocol app-layer parser in the yaml; reducing the `stream.reassembly.depth` value also helps reduce the severity of the issue.
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-23836", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-03-07T14:33:18.701351Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:45:51.780Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T23:13:08.115Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/OISF/suricata/security/advisories/GHSA-q33q-45cr-3cpc", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/OISF/suricata/security/advisories/GHSA-q33q-45cr-3cpc" }, { "name": "https://github.com/OISF/suricata/commit/18841a58da71e735ddf4e52cbfa6989755ecbeb7", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/OISF/suricata/commit/18841a58da71e735ddf4e52cbfa6989755ecbeb7" }, { "name": "https://github.com/OISF/suricata/commit/2a2120ecf10c5b5713ec2bf59469fe57f7b5b747", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/OISF/suricata/commit/2a2120ecf10c5b5713ec2bf59469fe57f7b5b747" }, { "name": "https://github.com/OISF/suricata/commit/83c5567ea7b0b28376f57dcfee9c6301448c7bc7", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/OISF/suricata/commit/83c5567ea7b0b28376f57dcfee9c6301448c7bc7" }, { "name": "https://github.com/OISF/suricata/commit/8efaebe293e2a74c8e323fa85a6f5fadf82801bc", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/OISF/suricata/commit/8efaebe293e2a74c8e323fa85a6f5fadf82801bc" }, { "name": "https://github.com/OISF/suricata/commit/97953998d2d60673ed6c30ddfb6a2d59b4230f97", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": 
"https://github.com/OISF/suricata/commit/97953998d2d60673ed6c30ddfb6a2d59b4230f97" }, { "name": "https://github.com/OISF/suricata/commit/b1549e930f6426eeff43f12b672337cbcda566b8", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/OISF/suricata/commit/b1549e930f6426eeff43f12b672337cbcda566b8" }, { "name": "https://github.com/OISF/suricata/commit/cd035d59e3df157b606f4fe67324ea8e437be786", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/OISF/suricata/commit/cd035d59e3df157b606f4fe67324ea8e437be786" }, { "name": "https://github.com/OISF/suricata/commit/ce9b90326949c94a46611d6394e28600ee5e8bd5", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/OISF/suricata/commit/ce9b90326949c94a46611d6394e28600ee5e8bd5" }, { "name": "https://github.com/OISF/suricata/commit/e7e28822f473320658d6125f16ac3f0524baff01", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/OISF/suricata/commit/e7e28822f473320658d6125f16ac3f0524baff01" }, { "name": "https://github.com/OISF/suricata/commit/f9de1cca6182e571f1c02387dca6e695e55608af", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/OISF/suricata/commit/f9de1cca6182e571f1c02387dca6e695e55608af" }, { "name": "https://redmine.openinfosecfoundation.org/issues/6531", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://redmine.openinfosecfoundation.org/issues/6531" }, { "name": "https://redmine.openinfosecfoundation.org/issues/6532", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://redmine.openinfosecfoundation.org/issues/6532" }, { "name": "https://redmine.openinfosecfoundation.org/issues/6540", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://redmine.openinfosecfoundation.org/issues/6540" }, { "name": "https://redmine.openinfosecfoundation.org/issues/6658", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://redmine.openinfosecfoundation.org/issues/6658" }, { 
"name": "https://redmine.openinfosecfoundation.org/issues/6659", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://redmine.openinfosecfoundation.org/issues/6659" }, { "name": "https://redmine.openinfosecfoundation.org/issues/6660", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://redmine.openinfosecfoundation.org/issues/6660" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GOCOBFUTIFHOP2PZOH4ENRFXRBHIRKK4/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXJIT7R53ZXROO3I256RFUWTIW4ECK6P/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "suricata", "vendor": "OISF", "versions": [ { "status": "affected", "version": "\u003c 6.0.16" }, { "status": "affected", "version": "\u003e= 7.0.0, \u003c 7.0.3" } ] } ], "descriptions": [ { "lang": "en", "value": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to versions 6.0.16 and 7.0.3, an attacker can craft traffic to cause Suricata to use far more CPU and memory for processing the traffic than needed, which can lead to extreme slow downs and denial of service. This vulnerability is patched in 6.0.16 or 7.0.3. Workarounds include disabling the affected protocol app-layer parser in the yaml and reducing the `stream.reassembly.depth` value helps reduce the severity of the issue." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-770", "description": "CWE-770: Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-02-26T15:44:03.308Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/OISF/suricata/security/advisories/GHSA-q33q-45cr-3cpc", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/OISF/suricata/security/advisories/GHSA-q33q-45cr-3cpc" }, { "name": "https://github.com/OISF/suricata/commit/18841a58da71e735ddf4e52cbfa6989755ecbeb7", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/OISF/suricata/commit/18841a58da71e735ddf4e52cbfa6989755ecbeb7" }, { "name": "https://github.com/OISF/suricata/commit/2a2120ecf10c5b5713ec2bf59469fe57f7b5b747", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/OISF/suricata/commit/2a2120ecf10c5b5713ec2bf59469fe57f7b5b747" }, { "name": "https://github.com/OISF/suricata/commit/83c5567ea7b0b28376f57dcfee9c6301448c7bc7", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/OISF/suricata/commit/83c5567ea7b0b28376f57dcfee9c6301448c7bc7" }, { "name": "https://github.com/OISF/suricata/commit/8efaebe293e2a74c8e323fa85a6f5fadf82801bc", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/OISF/suricata/commit/8efaebe293e2a74c8e323fa85a6f5fadf82801bc" }, { "name": "https://github.com/OISF/suricata/commit/97953998d2d60673ed6c30ddfb6a2d59b4230f97", "tags": [ "x_refsource_MISC" ], "url": 
"https://github.com/OISF/suricata/commit/97953998d2d60673ed6c30ddfb6a2d59b4230f97" }, { "name": "https://github.com/OISF/suricata/commit/b1549e930f6426eeff43f12b672337cbcda566b8", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/OISF/suricata/commit/b1549e930f6426eeff43f12b672337cbcda566b8" }, { "name": "https://github.com/OISF/suricata/commit/cd035d59e3df157b606f4fe67324ea8e437be786", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/OISF/suricata/commit/cd035d59e3df157b606f4fe67324ea8e437be786" }, { "name": "https://github.com/OISF/suricata/commit/ce9b90326949c94a46611d6394e28600ee5e8bd5", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/OISF/suricata/commit/ce9b90326949c94a46611d6394e28600ee5e8bd5" }, { "name": "https://github.com/OISF/suricata/commit/e7e28822f473320658d6125f16ac3f0524baff01", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/OISF/suricata/commit/e7e28822f473320658d6125f16ac3f0524baff01" }, { "name": "https://github.com/OISF/suricata/commit/f9de1cca6182e571f1c02387dca6e695e55608af", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/OISF/suricata/commit/f9de1cca6182e571f1c02387dca6e695e55608af" }, { "name": "https://redmine.openinfosecfoundation.org/issues/6531", "tags": [ "x_refsource_MISC" ], "url": "https://redmine.openinfosecfoundation.org/issues/6531" }, { "name": "https://redmine.openinfosecfoundation.org/issues/6532", "tags": [ "x_refsource_MISC" ], "url": "https://redmine.openinfosecfoundation.org/issues/6532" }, { "name": "https://redmine.openinfosecfoundation.org/issues/6540", "tags": [ "x_refsource_MISC" ], "url": "https://redmine.openinfosecfoundation.org/issues/6540" }, { "name": "https://redmine.openinfosecfoundation.org/issues/6658", "tags": [ "x_refsource_MISC" ], "url": "https://redmine.openinfosecfoundation.org/issues/6658" }, { "name": "https://redmine.openinfosecfoundation.org/issues/6659", "tags": [ "x_refsource_MISC" ], "url": 
"https://redmine.openinfosecfoundation.org/issues/6659" }, { "name": "https://redmine.openinfosecfoundation.org/issues/6660", "tags": [ "x_refsource_MISC" ], "url": "https://redmine.openinfosecfoundation.org/issues/6660" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GOCOBFUTIFHOP2PZOH4ENRFXRBHIRKK4/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXJIT7R53ZXROO3I256RFUWTIW4ECK6P/" } ], "source": { "advisory": "GHSA-q33q-45cr-3cpc", "discovery": "UNKNOWN" }, "title": "crafted traffic can cause denial of service" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-23836", "datePublished": "2024-02-26T15:44:03.308Z", "dateReserved": "2024-01-22T22:23:54.340Z", "dateUpdated": "2024-08-01T23:13:08.115Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-32867
Vulnerability from cvelistv5
Published
2024-05-07 15:06
Modified
2024-08-02 02:20
Summary
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, various problems in handling of fragmentation anomalies can lead to mis-detection of rules and policy; the record's title describes the outcome as a policy bypass. This vulnerability is fixed in 7.0.5 and 6.0.19.
References
▼ | URL | Tags |
---|---|---|
https://github.com/OISF/suricata/security/advisories/GHSA-xvrx-88mv-xcq5 | x_refsource_CONFIRM | |
https://github.com/OISF/suricata/commit/1e110d0a71db46571040b937e17a4bc9f91d6de9 | x_refsource_MISC | |
https://github.com/OISF/suricata/commit/2f39ba75f153ba9bdf8eedc2a839cc973dbaea66 | x_refsource_MISC | |
https://github.com/OISF/suricata/commit/414f97c6695c5a2e1d378a36a6f50d7288767634 | x_refsource_MISC | |
https://github.com/OISF/suricata/commit/bf3d420fb709ebe074019a99e3bd3a2364524a4b | x_refsource_MISC | |
https://github.com/OISF/suricata/commit/d13bd2ae217a6d2ceb347f74d27cbfcd37b9bda9 | x_refsource_MISC | |
https://github.com/OISF/suricata/commit/e6267758ed5da27f804f0c1c07f9423bdf4d72b8 | x_refsource_MISC | |
https://redmine.openinfosecfoundation.org/issues/6672 | x_refsource_MISC | |
https://redmine.openinfosecfoundation.org/issues/6673 | x_refsource_MISC | |
https://redmine.openinfosecfoundation.org/issues/6677 | x_refsource_MISC |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:oisf:suricata:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "suricata", "vendor": "oisf", "versions": [ { "status": "affected", "version": "\u003e= 6.0.0, \u003c= 6.0.18, \u003e= 7.0.0, \u003c= 7.0.4" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-32867", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-05-07T18:45:46.899664Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:49:44.752Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T02:20:35.604Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/OISF/suricata/security/advisories/GHSA-xvrx-88mv-xcq5", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/OISF/suricata/security/advisories/GHSA-xvrx-88mv-xcq5" }, { "name": "https://github.com/OISF/suricata/commit/1e110d0a71db46571040b937e17a4bc9f91d6de9", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/OISF/suricata/commit/1e110d0a71db46571040b937e17a4bc9f91d6de9" }, { "name": "https://github.com/OISF/suricata/commit/2f39ba75f153ba9bdf8eedc2a839cc973dbaea66", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/OISF/suricata/commit/2f39ba75f153ba9bdf8eedc2a839cc973dbaea66" }, { "name": "https://github.com/OISF/suricata/commit/414f97c6695c5a2e1d378a36a6f50d7288767634", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/OISF/suricata/commit/414f97c6695c5a2e1d378a36a6f50d7288767634" }, { "name": "https://github.com/OISF/suricata/commit/bf3d420fb709ebe074019a99e3bd3a2364524a4b", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": 
"https://github.com/OISF/suricata/commit/bf3d420fb709ebe074019a99e3bd3a2364524a4b" }, { "name": "https://github.com/OISF/suricata/commit/d13bd2ae217a6d2ceb347f74d27cbfcd37b9bda9", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/OISF/suricata/commit/d13bd2ae217a6d2ceb347f74d27cbfcd37b9bda9" }, { "name": "https://github.com/OISF/suricata/commit/e6267758ed5da27f804f0c1c07f9423bdf4d72b8", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/OISF/suricata/commit/e6267758ed5da27f804f0c1c07f9423bdf4d72b8" }, { "name": "https://redmine.openinfosecfoundation.org/issues/6672", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://redmine.openinfosecfoundation.org/issues/6672" }, { "name": "https://redmine.openinfosecfoundation.org/issues/6673", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://redmine.openinfosecfoundation.org/issues/6673" }, { "name": "https://redmine.openinfosecfoundation.org/issues/6677", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://redmine.openinfosecfoundation.org/issues/6677" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "suricata", "vendor": "OISF", "versions": [ { "status": "affected", "version": "\u003e= 6.0.0, \u003c= 6.0.18" }, { "status": "affected", "version": "\u003e= 7.0.0, \u003c= 7.0.4" } ] } ], "descriptions": [ { "lang": "en", "value": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, various problems in handling of fragmentation anomalies can lead to mis-detection of rules and policy. This vulnerability is fixed in 7.0.5 or 6.0.19." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-754", "description": "CWE-754: Improper Check for Unusual or Exceptional Conditions", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-07T15:06:58.326Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/OISF/suricata/security/advisories/GHSA-xvrx-88mv-xcq5", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/OISF/suricata/security/advisories/GHSA-xvrx-88mv-xcq5" }, { "name": "https://github.com/OISF/suricata/commit/1e110d0a71db46571040b937e17a4bc9f91d6de9", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/OISF/suricata/commit/1e110d0a71db46571040b937e17a4bc9f91d6de9" }, { "name": "https://github.com/OISF/suricata/commit/2f39ba75f153ba9bdf8eedc2a839cc973dbaea66", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/OISF/suricata/commit/2f39ba75f153ba9bdf8eedc2a839cc973dbaea66" }, { "name": "https://github.com/OISF/suricata/commit/414f97c6695c5a2e1d378a36a6f50d7288767634", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/OISF/suricata/commit/414f97c6695c5a2e1d378a36a6f50d7288767634" }, { "name": "https://github.com/OISF/suricata/commit/bf3d420fb709ebe074019a99e3bd3a2364524a4b", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/OISF/suricata/commit/bf3d420fb709ebe074019a99e3bd3a2364524a4b" }, { "name": "https://github.com/OISF/suricata/commit/d13bd2ae217a6d2ceb347f74d27cbfcd37b9bda9", "tags": [ "x_refsource_MISC" ], "url": 
"https://github.com/OISF/suricata/commit/d13bd2ae217a6d2ceb347f74d27cbfcd37b9bda9" }, { "name": "https://github.com/OISF/suricata/commit/e6267758ed5da27f804f0c1c07f9423bdf4d72b8", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/OISF/suricata/commit/e6267758ed5da27f804f0c1c07f9423bdf4d72b8" }, { "name": "https://redmine.openinfosecfoundation.org/issues/6672", "tags": [ "x_refsource_MISC" ], "url": "https://redmine.openinfosecfoundation.org/issues/6672" }, { "name": "https://redmine.openinfosecfoundation.org/issues/6673", "tags": [ "x_refsource_MISC" ], "url": "https://redmine.openinfosecfoundation.org/issues/6673" }, { "name": "https://redmine.openinfosecfoundation.org/issues/6677", "tags": [ "x_refsource_MISC" ], "url": "https://redmine.openinfosecfoundation.org/issues/6677" } ], "source": { "advisory": "GHSA-xvrx-88mv-xcq5", "discovery": "UNKNOWN" }, "title": "Suricata\u0027s defrag contains various issues leading to policy bypass" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-32867", "datePublished": "2024-05-07T15:06:58.326Z", "dateReserved": "2024-04-19T14:07:11.228Z", "dateUpdated": "2024-08-02T02:20:35.604Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-5919
Vulnerability from cvelistv5
Published
2014-05-30 14:00
Modified
2024-08-06 17:29
Summary
Suricata before 1.4.6 allows remote attackers to cause a denial of service (crash) via a malformed SSL record.
References
▼ | URL | Tags |
---|---|---|
http://suricata-ids.org/2013/09/24/suricata-1-4-6-released/ | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/87492 | vdb-entry, x_refsource_XF | |
http://secunia.com/advisories/54968 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T17:29:41.636Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://suricata-ids.org/2013/09/24/suricata-1-4-6-released/" }, { "name": "suricata-cve20135919-ssl-dos(87492)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87492" }, { "name": "54968", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/54968" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-09-24T00:00:00", "descriptions": [ { "lang": "en", "value": "Suricata before 1.4.6 allows remote attackers to cause a denial of service (crash) via a malformed SSL record." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://suricata-ids.org/2013/09/24/suricata-1-4-6-released/" }, { "name": "suricata-cve20135919-ssl-dos(87492)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87492" }, { "name": "54968", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/54968" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-5919", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", 
"data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Suricata before 1.4.6 allows remote attackers to cause a denial of service (crash) via a malformed SSL record." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://suricata-ids.org/2013/09/24/suricata-1-4-6-released/", "refsource": "CONFIRM", "url": "http://suricata-ids.org/2013/09/24/suricata-1-4-6-released/" }, { "name": "suricata-cve20135919-ssl-dos(87492)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87492" }, { "name": "54968", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/54968" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-5919", "datePublished": "2014-05-30T14:00:00", "dateReserved": "2013-09-19T00:00:00", "dateUpdated": "2024-08-06T17:29:41.636Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-55628
Vulnerability from cvelistv5
Published
2025-01-06 18:02
Modified
2025-01-06 19:14
Summary
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.8, DNS resource name compression can lead to small DNS messages containing very large hostnames which can be costly to decode, and lead to very large DNS log records. While there are limits in place, they were too generous. The issue has been addressed in Suricata 7.0.8.
References
▼ | URL | Tags |
---|---|---|
https://github.com/OISF/suricata/security/advisories/GHSA-96w4-jqwf-qx2j | x_refsource_CONFIRM | |
https://github.com/OISF/suricata/commit/19cf0f81335d9f787d587450f7105ad95a648951 | x_refsource_MISC | |
https://github.com/OISF/suricata/commit/37f4c52b22fcdde4adf9b479cb5700f89d00768d | x_refsource_MISC | |
https://github.com/OISF/suricata/commit/3a5671739f5b25e5dd973a74ca5fd8ea40e1ae2d | x_refsource_MISC | |
https://redmine.openinfosecfoundation.org/issues/7280 | x_refsource_MISC |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-55628", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-06T19:14:22.117040Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-06T19:14:33.486Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "suricata", "vendor": "OISF", "versions": [ { "status": "affected", "version": "\u003c 7.0.8" } ] } ], "descriptions": [ { "lang": "en", "value": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.8, DNS resource name compression can lead to small DNS messages containing very large hostnames which can be costly to decode, and lead to very large DNS log records. While there are limits in place, they were too generous. The issue has been addressed in Suricata 7.0.8." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-405", "description": "CWE-405: Asymmetric Resource Consumption (Amplification)", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-779", "description": "CWE-779: Logging of Excessive Data", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-06T18:02:10.692Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/OISF/suricata/security/advisories/GHSA-96w4-jqwf-qx2j", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/OISF/suricata/security/advisories/GHSA-96w4-jqwf-qx2j" }, { "name": "https://github.com/OISF/suricata/commit/19cf0f81335d9f787d587450f7105ad95a648951", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/OISF/suricata/commit/19cf0f81335d9f787d587450f7105ad95a648951" }, { "name": "https://github.com/OISF/suricata/commit/37f4c52b22fcdde4adf9b479cb5700f89d00768d", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/OISF/suricata/commit/37f4c52b22fcdde4adf9b479cb5700f89d00768d" }, { "name": "https://github.com/OISF/suricata/commit/3a5671739f5b25e5dd973a74ca5fd8ea40e1ae2d", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/OISF/suricata/commit/3a5671739f5b25e5dd973a74ca5fd8ea40e1ae2d" }, { "name": "https://redmine.openinfosecfoundation.org/issues/7280", "tags": [ "x_refsource_MISC" ], "url": "https://redmine.openinfosecfoundation.org/issues/7280" } ], "source": { "advisory": "GHSA-96w4-jqwf-qx2j", "discovery": "UNKNOWN" }, "title": "Suricata oversized resource names 
utilizing DNS name compression can lead to resource starvation" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-55628", "datePublished": "2025-01-06T18:02:10.692Z", "dateReserved": "2024-12-09T17:48:05.557Z", "dateUpdated": "2025-01-06T19:14:33.486Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-38534
Vulnerability from cvelistv5
Published
2024-07-11 14:47
Modified
2024-08-02 04:12
Summary
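Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Crafted modbus traffic can lead to unlimited resource accumulation within a flow; per the record's title, transactions (txs) without responses are never freed. The record lists versions before 7.0.6 as affected, so upgrade to 7.0.6. Setting a limited `stream.reassembly.depth` reduces the impact of the issue.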
References
▼ | URL | Tags |
---|---|---|
https://github.com/OISF/suricata/security/advisories/GHSA-59qg-h357-69fq | x_refsource_CONFIRM | |
https://github.com/OISF/suricata/commit/a753cdbe84caee3b66d0bf49b2712d29a50d67ae | x_refsource_MISC | |
https://redmine.openinfosecfoundation.org/issues/6987 | x_refsource_MISC | |
https://redmine.openinfosecfoundation.org/issues/6988 | x_refsource_MISC |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "suricata", "vendor": "oisf", "versions": [ { "lessThan": "7.0.6", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-38534", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-11T15:10:00.733341Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-11T19:44:00.955Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T04:12:25.174Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/OISF/suricata/security/advisories/GHSA-59qg-h357-69fq", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/OISF/suricata/security/advisories/GHSA-59qg-h357-69fq" }, { "name": "https://github.com/OISF/suricata/commit/a753cdbe84caee3b66d0bf49b2712d29a50d67ae", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/OISF/suricata/commit/a753cdbe84caee3b66d0bf49b2712d29a50d67ae" }, { "name": "https://redmine.openinfosecfoundation.org/issues/6987", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://redmine.openinfosecfoundation.org/issues/6987" }, { "name": "https://redmine.openinfosecfoundation.org/issues/6988", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://redmine.openinfosecfoundation.org/issues/6988" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "suricata", "vendor": "OISF", "versions": [ { "status": "affected", "version": "\u003c 7.0.6" } ] } ], "descriptions": [ { "lang": "en", "value": "Suricata is a network Intrusion Detection System, Intrusion 
Prevention System and Network Security Monitoring engine. Crafted modbus traffic can lead to unlimited resource accumulation within a flow. Upgrade to 7.0.6. Set a limited stream.reassembly.depth to reduce the issue." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-770", "description": "CWE-770: Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-11T14:47:47.913Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/OISF/suricata/security/advisories/GHSA-59qg-h357-69fq", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/OISF/suricata/security/advisories/GHSA-59qg-h357-69fq" }, { "name": "https://github.com/OISF/suricata/commit/a753cdbe84caee3b66d0bf49b2712d29a50d67ae", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/OISF/suricata/commit/a753cdbe84caee3b66d0bf49b2712d29a50d67ae" }, { "name": "https://redmine.openinfosecfoundation.org/issues/6987", "tags": [ "x_refsource_MISC" ], "url": "https://redmine.openinfosecfoundation.org/issues/6987" }, { "name": "https://redmine.openinfosecfoundation.org/issues/6988", "tags": [ "x_refsource_MISC" ], "url": "https://redmine.openinfosecfoundation.org/issues/6988" } ], "source": { "advisory": "GHSA-59qg-h357-69fq", "discovery": "UNKNOWN" }, "title": "Suricata modbus: txs without responses are never freed" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-38534", "datePublished": 
"2024-07-11T14:47:47.913Z", "dateReserved": "2024-06-18T16:37:02.729Z", "dateUpdated": "2024-08-02T04:12:25.174Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-55629
Vulnerability from cvelistv5
Published
2025-01-06 18:04
Modified
2025-01-06 18:51
Severity
7.5 HIGH (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N, from the CNA metrics in the record below)
Summary
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, TCP streams with TCP urgent data (out-of-band data) can lead to Suricata analyzing data differently than the applications at the TCP endpoints, leading to possible evasions. Suricata 7.0.8 includes options that let users configure how TCP urgent data is handled. In IPS mode, you can use a rule such as `drop tcp any any -> any any (sid:1; tcp.flags:U*;)` to drop all packets with the urgent flag set. That rule also drops any legitimate traffic that relies on urgent data, so check whether such traffic exists on the protected network before enabling it.
References
| URL | Tags |
|---|---|
| https://github.com/OISF/suricata/security/advisories/GHSA-69wr-vhwg-84h2 | x_refsource_CONFIRM |
| https://github.com/OISF/suricata/commit/6882bcb3e51bd3cf509fb6569cc30f48d7bb53d7 | x_refsource_MISC |
| https://github.com/OISF/suricata/commit/779f9d8ba35c3f9b5abfa327d3a4209861bd2eb8 | x_refsource_MISC |
| https://redmine.openinfosecfoundation.org/issues/7411 | x_refsource_MISC |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-55629", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-06T18:51:44.782998Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-06T18:51:58.364Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "suricata", "vendor": "OISF", "versions": [ { "status": "affected", "version": "\u003c 7.0.8" } ] } ], "descriptions": [ { "lang": "en", "value": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, TCP streams with TCP urgent data (out of band data) can lead to Suricata analyzing data differently than the applications at the TCP endpoints, leading to possible evasions. Suricata 7.0.8 includes options to allow users to configure how to handle TCP urgent data. In IPS mode, you can use a rule such as drop tcp any any -\u003e any any (sid:1; tcp.flags:U*;) to drop all the packets with urgent flag set." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-437", "description": "CWE-437: Incomplete Model of Endpoint Features", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-06T18:04:08.180Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/OISF/suricata/security/advisories/GHSA-69wr-vhwg-84h2", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/OISF/suricata/security/advisories/GHSA-69wr-vhwg-84h2" }, { "name": "https://github.com/OISF/suricata/commit/6882bcb3e51bd3cf509fb6569cc30f48d7bb53d7", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/OISF/suricata/commit/6882bcb3e51bd3cf509fb6569cc30f48d7bb53d7" }, { "name": "https://github.com/OISF/suricata/commit/779f9d8ba35c3f9b5abfa327d3a4209861bd2eb8", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/OISF/suricata/commit/779f9d8ba35c3f9b5abfa327d3a4209861bd2eb8" }, { "name": "https://redmine.openinfosecfoundation.org/issues/7411", "tags": [ "x_refsource_MISC" ], "url": "https://redmine.openinfosecfoundation.org/issues/7411" } ], "source": { "advisory": "GHSA-69wr-vhwg-84h2", "discovery": "UNKNOWN" }, "title": "Suricata generic detection bypass using TCP urgent support" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-55629", "datePublished": "2025-01-06T18:04:08.180Z", "dateReserved": "2024-12-09T17:48:05.557Z", "dateUpdated": "2025-01-06T18:51:58.364Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": 
"5.1" }
cve-2019-18625
Vulnerability from cvelistv5
Published
2020-01-06 20:09
Modified
2024-08-05 01:54
Summary
An issue was discovered in Suricata 5.0.0. It was possible to bypass/evade any TCP-based signature by faking a closed TCP session using an evil server. After the TCP SYN packet, it is possible to inject a RST ACK and a FIN ACK packet with a bad TCP Timestamp option. The client will ignore the RST ACK and the FIN ACK packets because of the bad TCP Timestamp option, while Suricata treats the session as closed, so the traffic that follows is not matched against signatures. Both Linux and Windows clients ignore the injected packets.
References
| URL | Tags |
|---|---|
| https://redmine.openinfosecfoundation.org/issues/3286 | x_refsource_MISC |
| https://github.com/OISF/suricata/commit/9f0294fadca3dcc18c919424242a41e01f3e8318 | x_refsource_CONFIRM |
| https://redmine.openinfosecfoundation.org/issues/3395 | x_refsource_MISC |
| https://github.com/OISF/suricata/commit/ea0659de7640cf6a51de5bbd1dbbb0414e4623a0 | x_refsource_CONFIRM |
| https://lists.debian.org/debian-lts-announce/2020/01/msg00032.html | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T01:54:14.538Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://redmine.openinfosecfoundation.org/issues/3286" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/OISF/suricata/commit/9f0294fadca3dcc18c919424242a41e01f3e8318" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://redmine.openinfosecfoundation.org/issues/3395" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/OISF/suricata/commit/ea0659de7640cf6a51de5bbd1dbbb0414e4623a0" }, { "name": "[debian-lts-announce] 20200130 [SECURITY] [DLA 2087-1] suricata security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00032.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2019-11-21T00:00:00", "descriptions": [ { "lang": "en", "value": "An issue was discovered in Suricata 5.0.0. It was possible to bypass/evade any tcp based signature by faking a closed TCP session using an evil server. After the TCP SYN packet, it is possible to inject a RST ACK and a FIN ACK packet with a bad TCP Timestamp option. The client will ignore the RST ACK and the FIN ACK packets because of the bad TCP Timestamp option. Both linux and windows client are ignoring the injected packets." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-01-30T17:06:08", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://redmine.openinfosecfoundation.org/issues/3286" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/OISF/suricata/commit/9f0294fadca3dcc18c919424242a41e01f3e8318" }, { "tags": [ "x_refsource_MISC" ], "url": "https://redmine.openinfosecfoundation.org/issues/3395" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/OISF/suricata/commit/ea0659de7640cf6a51de5bbd1dbbb0414e4623a0" }, { "name": "[debian-lts-announce] 20200130 [SECURITY] [DLA 2087-1] suricata security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00032.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-18625", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in Suricata 5.0.0. It was possible to bypass/evade any tcp based signature by faking a closed TCP session using an evil server. After the TCP SYN packet, it is possible to inject a RST ACK and a FIN ACK packet with a bad TCP Timestamp option. The client will ignore the RST ACK and the FIN ACK packets because of the bad TCP Timestamp option. Both linux and windows client are ignoring the injected packets." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://redmine.openinfosecfoundation.org/issues/3286", "refsource": "MISC", "url": "https://redmine.openinfosecfoundation.org/issues/3286" }, { "name": "https://github.com/OISF/suricata/commit/9f0294fadca3dcc18c919424242a41e01f3e8318", "refsource": "CONFIRM", "url": "https://github.com/OISF/suricata/commit/9f0294fadca3dcc18c919424242a41e01f3e8318" }, { "name": "https://redmine.openinfosecfoundation.org/issues/3395", "refsource": "MISC", "url": "https://redmine.openinfosecfoundation.org/issues/3395" }, { "name": "https://github.com/OISF/suricata/commit/ea0659de7640cf6a51de5bbd1dbbb0414e4623a0", "refsource": "CONFIRM", "url": "https://github.com/OISF/suricata/commit/ea0659de7640cf6a51de5bbd1dbbb0414e4623a0" }, { "name": "[debian-lts-announce] 20200130 [SECURITY] [DLA 2087-1] suricata security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00032.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-18625", "datePublished": "2020-01-06T20:09:13", "dateReserved": "2019-10-29T00:00:00", "dateUpdated": "2024-08-05T01:54:14.538Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-38535
Vulnerability from cvelistv5
Published
2024-07-11 14:50
Modified
2024-08-02 04:12
Severity
7.5 HIGH (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, from the CNA metrics in the record below)
Summary
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Suricata can run out of memory when parsing crafted HTTP/2 traffic. Upgrade to 6.0.20 or 7.0.6.
References
| URL | Tags |
|---|---|
| https://github.com/OISF/suricata/security/advisories/GHSA-cg8j-7mwm-v563 | x_refsource_CONFIRM |
| https://github.com/OISF/suricata/commit/62d5cac1b8483d5f9d2b79833a4e59f5d80129b7 | x_refsource_MISC |
| https://github.com/OISF/suricata/commit/c82fa5ca0d1ce0bd8f936e0b860707a6571373b2 | x_refsource_MISC |
| https://redmine.openinfosecfoundation.org/issues/7104 | x_refsource_MISC |
| https://redmine.openinfosecfoundation.org/issues/7105 | x_refsource_MISC |
| https://redmine.openinfosecfoundation.org/issues/7112 | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "suricata", "vendor": "oisf", "versions": [ { "lessThan": "6.0.20", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThan": "7.0.6", "status": "affected", "version": "7.0.0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-38535", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-11T15:02:37.781270Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-11T18:08:53.690Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T04:12:25.626Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/OISF/suricata/security/advisories/GHSA-cg8j-7mwm-v563", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/OISF/suricata/security/advisories/GHSA-cg8j-7mwm-v563" }, { "name": "https://github.com/OISF/suricata/commit/62d5cac1b8483d5f9d2b79833a4e59f5d80129b7", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/OISF/suricata/commit/62d5cac1b8483d5f9d2b79833a4e59f5d80129b7" }, { "name": "https://github.com/OISF/suricata/commit/c82fa5ca0d1ce0bd8f936e0b860707a6571373b2", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/OISF/suricata/commit/c82fa5ca0d1ce0bd8f936e0b860707a6571373b2" }, { "name": "https://redmine.openinfosecfoundation.org/issues/7104", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://redmine.openinfosecfoundation.org/issues/7104" }, { "name": "https://redmine.openinfosecfoundation.org/issues/7105", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": 
"https://redmine.openinfosecfoundation.org/issues/7105" }, { "name": "https://redmine.openinfosecfoundation.org/issues/7112", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://redmine.openinfosecfoundation.org/issues/7112" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "suricata", "vendor": "OISF", "versions": [ { "status": "affected", "version": "\u003c 6.0.20" }, { "status": "affected", "version": "\u003e= 7.0.0, \u003c 7.0.6" } ] } ], "descriptions": [ { "lang": "en", "value": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Suricata can run out of memory when parsing crafted HTTP/2 traffic. Upgrade to 6.0.20 or 7.0.6." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-770", "description": "CWE-770: Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-11T14:50:24.147Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/OISF/suricata/security/advisories/GHSA-cg8j-7mwm-v563", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/OISF/suricata/security/advisories/GHSA-cg8j-7mwm-v563" }, { "name": "https://github.com/OISF/suricata/commit/62d5cac1b8483d5f9d2b79833a4e59f5d80129b7", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/OISF/suricata/commit/62d5cac1b8483d5f9d2b79833a4e59f5d80129b7" }, { "name": "https://github.com/OISF/suricata/commit/c82fa5ca0d1ce0bd8f936e0b860707a6571373b2", "tags": [ 
"x_refsource_MISC" ], "url": "https://github.com/OISF/suricata/commit/c82fa5ca0d1ce0bd8f936e0b860707a6571373b2" }, { "name": "https://redmine.openinfosecfoundation.org/issues/7104", "tags": [ "x_refsource_MISC" ], "url": "https://redmine.openinfosecfoundation.org/issues/7104" }, { "name": "https://redmine.openinfosecfoundation.org/issues/7105", "tags": [ "x_refsource_MISC" ], "url": "https://redmine.openinfosecfoundation.org/issues/7105" }, { "name": "https://redmine.openinfosecfoundation.org/issues/7112", "tags": [ "x_refsource_MISC" ], "url": "https://redmine.openinfosecfoundation.org/issues/7112" } ], "source": { "advisory": "GHSA-cg8j-7mwm-v563", "discovery": "UNKNOWN" }, "title": "Suricata http2: oom from duplicate headers" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-38535", "datePublished": "2024-07-11T14:50:24.147Z", "dateReserved": "2024-06-18T16:37:02.729Z", "dateUpdated": "2024-08-02T04:12:25.626Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-19678
Vulnerability from cvelistv5
Published
2023-04-06 00:00
Modified
2024-08-04 14:15
Summary
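A directory traversal vulnerability in pfSense v.2.1.3 and pfSense Suricata v.1.4.6 pkg v.1.0.1 allows a remote attacker to obtain sensitive information via the file parameter to suricata/suricata_logs_browser.php. Judging by the pfsense-packages commit listed in the record's references, the affected file appears to belong to the pfSense Suricata package rather than to the Suricata engine itself.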
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T14:15:28.353Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "http://www.2ngon.com/2015/01/lfi-vulnerability-suricata-146-pkg-v101.html" }, { "tags": [ "x_transferred" ], "url": "https://github.com/pfsense/pfsense-packages/commit/59ed3438729fd56452f58a0f79f0c288db982ac3" }, { "tags": [ "x_transferred" ], "url": "https://pastebin.com/8dj59053" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Directory Traversal vulnerability found in Pfsense v.2.1.3 and Pfsense Suricata v.1.4.6 pkg v.1.0.1 allows a remote attacker to obtain sensitive information via the file parameter to suricata/suricata_logs_browser.php." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-06T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "http://www.2ngon.com/2015/01/lfi-vulnerability-suricata-146-pkg-v101.html" }, { "url": "https://github.com/pfsense/pfsense-packages/commit/59ed3438729fd56452f58a0f79f0c288db982ac3" }, { "url": "https://pastebin.com/8dj59053" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-19678", "datePublished": "2023-04-06T00:00:00", "dateReserved": "2020-08-13T00:00:00", "dateUpdated": "2024-08-04T14:15:28.353Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-35852
Vulnerability from cvelistv5
Published
2023-06-19 00:00
Modified
2024-12-11 17:05
Summary
In Suricata before 6.0.13 (when there is an adversary who controls an external source of rules), a dataset filename that comes from a rule may trigger absolute or relative directory traversal and lead to write access to the local filesystem. This is addressed in 6.0.13 by requiring `allow-absolute-filenames` and `allow-write` (in the datasets rules configuration section) if an installation requires traversal/writing in this situation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:30:45.449Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/OISF/suricata/compare/suricata-6.0.12...suricata-6.0.13" }, { "tags": [ "x_transferred" ], "url": "https://github.com/OISF/suricata/commit/aee1523b4591430ebed1ded0bb95508e6717a335" }, { "tags": [ "x_transferred" ], "url": "https://github.com/OISF/suricata/commit/735f5aa9ca3b28cfacc7a443f93a44387fbacf17" }, { "tags": [ "x_transferred" ], "url": "https://www.stamus-networks.com/stamus-labs" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-35852", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-12-11T17:05:14.989150Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-11T17:05:39.191Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In Suricata before 6.0.13 (when there is an adversary who controls an external source of rules), a dataset filename, that comes from a rule, may trigger absolute or relative directory traversal, and lead to write access to a local filesystem. This is addressed in 6.0.13 by requiring allow-absolute-filenames and allow-write (in the datasets rules configuration section) if an installation requires traversal/writing in this situation." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-19T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/OISF/suricata/compare/suricata-6.0.12...suricata-6.0.13" }, { "url": "https://github.com/OISF/suricata/commit/aee1523b4591430ebed1ded0bb95508e6717a335" }, { "url": "https://github.com/OISF/suricata/commit/735f5aa9ca3b28cfacc7a443f93a44387fbacf17" }, { "url": "https://www.stamus-networks.com/stamus-labs" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-35852", "datePublished": "2023-06-19T00:00:00", "dateReserved": "2023-06-19T00:00:00", "dateUpdated": "2024-12-11T17:05:39.191Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-55605
Vulnerability from cvelistv5
Published
2025-01-06 17:07
Modified
2025-01-06 17:22
Severity
7.5 HIGH (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, from the CNA metrics in the record below)
Summary
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, a large input buffer to the to_lowercase, to_uppercase, strip_whitespace, compress_whitespace, dotprefix, header_lowercase, strip_pseudo_headers, url_decode, or xor transform can lead to a stack overflow causing Suricata to crash. The issue has been addressed in Suricata 7.0.8.
References
| URL | Tags |
|---|---|
| https://github.com/OISF/suricata/security/advisories/GHSA-x2hr-33vp-w289 | x_refsource_CONFIRM |
| https://redmine.openinfosecfoundation.org/issues/7229 | x_refsource_MISC |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-55605", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-06T17:20:58.873556Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-06T17:22:20.313Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "suricata", "vendor": "OISF", "versions": [ { "status": "affected", "version": "\u003c 7.0.8" } ] } ], "descriptions": [ { "lang": "en", "value": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, a large input buffer to the to_lowercase, to_uppercase, strip_whitespace, compress_whitespace, dotprefix, header_lowercase, strip_pseudo_headers, url_decode, or xor transform can lead to a stack overflow causing Suricata to crash. The issue has been addressed in Suricata 7.0.8." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "CWE-400: Uncontrolled Resource Consumption", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-06T17:07:18.849Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/OISF/suricata/security/advisories/GHSA-x2hr-33vp-w289", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/OISF/suricata/security/advisories/GHSA-x2hr-33vp-w289" }, { "name": "https://redmine.openinfosecfoundation.org/issues/7229", "tags": [ "x_refsource_MISC" ], "url": "https://redmine.openinfosecfoundation.org/issues/7229" } ], "source": { "advisory": "GHSA-x2hr-33vp-w289", "discovery": "UNKNOWN" }, "title": "Suricata allows stack overflow in transforms" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-55605", "datePublished": "2025-01-06T17:07:18.849Z", "dateReserved": "2024-12-09T14:22:52.524Z", "dateUpdated": "2025-01-06T17:22:20.313Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-45795
Vulnerability from cvelistv5
Published
2024-10-16 18:34
Modified
2024-10-17 17:14
Severity
7.5 HIGH (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, from the CNA metrics in the record below)
Summary
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, rules using datasets with the non-functional / unimplemented "unset" option can trigger an assertion during traffic parsing, leading to denial of service. This issue is addressed in 7.0.7. As a workaround, use only trusted and well-tested rulesets; on versions before 7.0.7, loaded rules can also be checked for `dataset` keywords that use `unset`.
References
| URL | Tags |
|---|---|
| https://github.com/OISF/suricata/security/advisories/GHSA-6r8w-fpw6-cp9g | x_refsource_CONFIRM |
| https://redmine.openinfosecfoundation.org/issues/7195 | x_refsource_MISC |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "suricata", "vendor": "oisf", "versions": [ { "lessThan": "7.0.7", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-45795", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-17T17:14:16.727673Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-17T17:14:45.599Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "suricata", "vendor": "OISF", "versions": [ { "status": "affected", "version": "\u003c 7.0.7" } ] } ], "descriptions": [ { "lang": "en", "value": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, rules using datasets with the non-functional / unimplemented \"unset\" option can trigger an assertion during traffic parsing, leading to denial of service. This issue is addressed in 7.0.7. As a workaround, use only trusted and well tested rulesets." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-617", "description": "CWE-617: Reachable Assertion", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-16T18:34:53.179Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/OISF/suricata/security/advisories/GHSA-6r8w-fpw6-cp9g", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/OISF/suricata/security/advisories/GHSA-6r8w-fpw6-cp9g" }, { "name": "https://redmine.openinfosecfoundation.org/issues/7195", "tags": [ "x_refsource_MISC" ], "url": "https://redmine.openinfosecfoundation.org/issues/7195" } ], "source": { "advisory": "GHSA-6r8w-fpw6-cp9g", "discovery": "UNKNOWN" }, "title": "Suricata detect/datasets: reachable assertion with unimplemented rule option" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-45795", "datePublished": "2024-10-16T18:34:53.179Z", "dateReserved": "2024-09-09T14:23:07.502Z", "dateUpdated": "2024-10-17T17:14:45.599Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-10242
Vulnerability from cvelistv5
Published
2019-04-04 14:59
Modified
2024-08-05 07:32
Summary
Suricata version 4.0.4 incorrectly handles the parsing of the SSH banner. A malformed SSH banner can cause the parsing code to read beyond the allocated data because SSHParseBanner in app-layer-ssh.c lacks a length check.
References
| URL | Tags |
|---|---|
| https://suricata-ids.org/2018/07/18/suricata-4-0-5-available/ | x_refsource_CONFIRM |
| https://lists.debian.org/debian-lts-announce/2019/04/msg00010.html | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:32:01.759Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://suricata-ids.org/2018/07/18/suricata-4-0-5-available/" }, { "name": "[debian-lts-announce] 20190408 [SECURITY] [DLA 1751-1] suricata security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00010.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-07-18T00:00:00", "descriptions": [ { "lang": "en", "value": "Suricata version 4.0.4 incorrectly handles the parsing of the SSH banner. A malformed SSH banner can cause the parsing code to read beyond the allocated data because SSHParseBanner in app-layer-ssh.c lacks a length check." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-04-08T22:06:03", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://suricata-ids.org/2018/07/18/suricata-4-0-5-available/" }, { "name": "[debian-lts-announce] 20190408 [SECURITY] [DLA 1751-1] suricata security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00010.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-10242", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Suricata version 4.0.4 incorrectly handles the parsing of the SSH banner. A malformed SSH banner can cause the parsing code to read beyond the allocated data because SSHParseBanner in app-layer-ssh.c lacks a length check." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://suricata-ids.org/2018/07/18/suricata-4-0-5-available/", "refsource": "CONFIRM", "url": "https://suricata-ids.org/2018/07/18/suricata-4-0-5-available/" }, { "name": "[debian-lts-announce] 20190408 [SECURITY] [DLA 1751-1] suricata security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00010.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-10242", "datePublished": "2019-04-04T14:59:50", "dateReserved": "2018-04-20T00:00:00", "dateUpdated": "2024-08-05T07:32:01.759Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-55626
Vulnerability from cvelistv5
Published
2025-01-06 17:47
Modified
2025-01-06 19:15
Summary
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, a large BPF filter file provided to Suricata at startup can lead to a buffer overflow at Suricata startup. The issue has been addressed in Suricata 7.0.8.
References
▼ | URL | Tags |
---|---|---|
https://github.com/OISF/suricata/security/advisories/GHSA-wmg4-jqx5-4h9v | x_refsource_CONFIRM | |
https://github.com/OISF/suricata/commit/dd71ef0af222a566e54dfc479dd1951dd17d7ceb | x_refsource_MISC | |
https://redmine.openinfosecfoundation.org/issues/7366 | x_refsource_MISC |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-55626", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-06T19:15:39.252344Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-06T19:15:49.387Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "suricata", "vendor": "OISF", "versions": [ { "status": "affected", "version": "\u003c 7.0.8" } ] } ], "descriptions": [ { "lang": "en", "value": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, a large BPF filter file provided to Suricata at startup can lead to a buffer overflow at Suricata startup. The issue has been addressed in Suricata 7.0.8." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-680", "description": "CWE-680: Integer Overflow to Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-06T17:47:07.213Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/OISF/suricata/security/advisories/GHSA-wmg4-jqx5-4h9v", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/OISF/suricata/security/advisories/GHSA-wmg4-jqx5-4h9v" }, { "name": "https://github.com/OISF/suricata/commit/dd71ef0af222a566e54dfc479dd1951dd17d7ceb", "tags": [ "x_refsource_MISC" ], 
"url": "https://github.com/OISF/suricata/commit/dd71ef0af222a566e54dfc479dd1951dd17d7ceb" }, { "name": "https://redmine.openinfosecfoundation.org/issues/7366", "tags": [ "x_refsource_MISC" ], "url": "https://redmine.openinfosecfoundation.org/issues/7366" } ], "source": { "advisory": "GHSA-wmg4-jqx5-4h9v", "discovery": "UNKNOWN" }, "title": "Suricata oversized bpf file can lead to buffer overflow" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-55626", "datePublished": "2025-01-06T17:47:07.213Z", "dateReserved": "2024-12-09T17:48:05.556Z", "dateUpdated": "2025-01-06T19:15:49.387Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-32663
Vulnerability from cvelistv5
Published
2024-05-07 14:48
Modified
2024-08-02 02:13
Summary
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, a small amount of HTTP/2 traffic can lead to Suricata using a large amount of memory. The issue has been addressed in Suricata 7.0.5 and 6.0.19. Workarounds include disabling the HTTP/2 parser and reducing the `app-layer.protocols.http2.max-table-size` value (default is 65536).
References
▼ | URL | Tags |
---|---|---|
https://github.com/OISF/suricata/security/advisories/GHSA-9jxm-qw9v-266r | x_refsource_CONFIRM | |
https://github.com/OISF/suricata/commit/08d93f7c3762781b743f88f9fdc4389eb9c3eb64 | x_refsource_MISC | |
https://github.com/OISF/suricata/commit/c0af92295e833d1db29b184d63cd3b829451d7fd | x_refsource_MISC | |
https://github.com/OISF/suricata/commit/d24b37a103c04bb2667e449e080ba4c8e56bb019 | x_refsource_MISC | |
https://github.com/OISF/suricata/commit/e68ec4b227d19498f364a41eb25d3182f0383ca5 | x_refsource_MISC | |
https://redmine.openinfosecfoundation.org/issues/6892 | x_refsource_MISC | |
https://redmine.openinfosecfoundation.org/issues/6900 | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-32663", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-05-07T17:39:47.421590Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:51:29.291Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T02:13:40.452Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/OISF/suricata/security/advisories/GHSA-9jxm-qw9v-266r", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/OISF/suricata/security/advisories/GHSA-9jxm-qw9v-266r" }, { "name": "https://github.com/OISF/suricata/commit/08d93f7c3762781b743f88f9fdc4389eb9c3eb64", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/OISF/suricata/commit/08d93f7c3762781b743f88f9fdc4389eb9c3eb64" }, { "name": "https://github.com/OISF/suricata/commit/c0af92295e833d1db29b184d63cd3b829451d7fd", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/OISF/suricata/commit/c0af92295e833d1db29b184d63cd3b829451d7fd" }, { "name": "https://github.com/OISF/suricata/commit/d24b37a103c04bb2667e449e080ba4c8e56bb019", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/OISF/suricata/commit/d24b37a103c04bb2667e449e080ba4c8e56bb019" }, { "name": "https://github.com/OISF/suricata/commit/e68ec4b227d19498f364a41eb25d3182f0383ca5", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/OISF/suricata/commit/e68ec4b227d19498f364a41eb25d3182f0383ca5" }, { "name": "https://redmine.openinfosecfoundation.org/issues/6892", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://redmine.openinfosecfoundation.org/issues/6892" }, { 
"name": "https://redmine.openinfosecfoundation.org/issues/6900", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://redmine.openinfosecfoundation.org/issues/6900" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "suricata", "vendor": "OISF", "versions": [ { "status": "affected", "version": "\u003e= 7.0.0, \u003c= 7.0.4" }, { "status": "affected", "version": "\u003e= 6.0.0, \u003c= 6.0.18" } ] } ], "descriptions": [ { "lang": "en", "value": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, a small amount of HTTP/2 traffic can lead to Suricata using a large amount of memory. The issue has been addressed in Suricata 7.0.5 and 6.0.19. Workarounds include disabling the HTTP/2 parser and reducing `app-layer.protocols.http2.max-table-size` value (default is 65536)." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "CWE-400: Uncontrolled Resource Consumption", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-770", "description": "CWE-770: Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-07T14:48:20.366Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/OISF/suricata/security/advisories/GHSA-9jxm-qw9v-266r", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/OISF/suricata/security/advisories/GHSA-9jxm-qw9v-266r" }, { "name": 
"https://github.com/OISF/suricata/commit/08d93f7c3762781b743f88f9fdc4389eb9c3eb64", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/OISF/suricata/commit/08d93f7c3762781b743f88f9fdc4389eb9c3eb64" }, { "name": "https://github.com/OISF/suricata/commit/c0af92295e833d1db29b184d63cd3b829451d7fd", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/OISF/suricata/commit/c0af92295e833d1db29b184d63cd3b829451d7fd" }, { "name": "https://github.com/OISF/suricata/commit/d24b37a103c04bb2667e449e080ba4c8e56bb019", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/OISF/suricata/commit/d24b37a103c04bb2667e449e080ba4c8e56bb019" }, { "name": "https://github.com/OISF/suricata/commit/e68ec4b227d19498f364a41eb25d3182f0383ca5", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/OISF/suricata/commit/e68ec4b227d19498f364a41eb25d3182f0383ca5" }, { "name": "https://redmine.openinfosecfoundation.org/issues/6892", "tags": [ "x_refsource_MISC" ], "url": "https://redmine.openinfosecfoundation.org/issues/6892" }, { "name": "https://redmine.openinfosecfoundation.org/issues/6900", "tags": [ "x_refsource_MISC" ], "url": "https://redmine.openinfosecfoundation.org/issues/6900" } ], "source": { "advisory": "GHSA-9jxm-qw9v-266r", "discovery": "UNKNOWN" }, "title": "Suricata \u0027s http2 parser contains an improper compressed header handling can lead to resource starvation" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-32663", "datePublished": "2024-05-07T14:48:20.366Z", "dateReserved": "2024-04-16T14:15:26.878Z", "dateUpdated": "2024-08-02T02:13:40.452Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-32664
Vulnerability from cvelistv5
Published
2024-05-07 14:57
Modified
2024-08-02 02:13
Summary
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, specially crafted traffic or datasets can cause a limited buffer overflow. This vulnerability is fixed in 7.0.5 and 6.0.19. Workarounds include not using rules that combine the `base64_decode` keyword with a `bytes` option value of 1, 2 or 5 and, for 7.0.x, setting `app-layer.protocols.smtp.mime.body-md5` to false.
References
▼ | URL | Tags |
---|---|---|
https://github.com/OISF/suricata/security/advisories/GHSA-79vh-hpwq-3jh7 | x_refsource_CONFIRM | |
https://github.com/OISF/suricata/commit/311002baf288a225f62cf18a90c5fdd294447379 | x_refsource_MISC | |
https://github.com/OISF/suricata/commit/d5ffecf11ad2c6fe89265e518f5d7443caf26ba4 | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:oisf:suricata:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "suricata", "vendor": "oisf", "versions": [ { "lessThanOrEqual": "6.0.18", "status": "affected", "version": "6.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:oisf:suricata:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "suricata", "vendor": "oisf", "versions": [ { "lessThanOrEqual": "7.0.4", "status": "affected", "version": "7.0.0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-32664", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-05-07T18:13:57.659920Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:51:44.327Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T02:13:40.336Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/OISF/suricata/security/advisories/GHSA-79vh-hpwq-3jh7", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/OISF/suricata/security/advisories/GHSA-79vh-hpwq-3jh7" }, { "name": "https://github.com/OISF/suricata/commit/311002baf288a225f62cf18a90c5fdd294447379", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/OISF/suricata/commit/311002baf288a225f62cf18a90c5fdd294447379" }, { "name": "https://github.com/OISF/suricata/commit/d5ffecf11ad2c6fe89265e518f5d7443caf26ba4", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/OISF/suricata/commit/d5ffecf11ad2c6fe89265e518f5d7443caf26ba4" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "suricata", "vendor": "OISF", "versions": [ { "status": "affected", "version": 
"\u003e= 6.0.0, \u003c= 6.0.18" }, { "status": "affected", "version": "\u003e= 7.0.0, \u003c= 7.0.4" } ] } ], "descriptions": [ { "lang": "en", "value": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, specially crafted traffic or datasets can cause a limited buffer overflow. This vulnerability is fixed in 7.0.5 and 6.0.19. Workarounds include not use rules with `base64_decode` keyword with `bytes` option with value 1, 2 or 5 and for 7.0.x, setting `app-layer.protocols.smtp.mime.body-md5` to false." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-120", "description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-07T14:57:01.967Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/OISF/suricata/security/advisories/GHSA-79vh-hpwq-3jh7", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/OISF/suricata/security/advisories/GHSA-79vh-hpwq-3jh7" }, { "name": "https://github.com/OISF/suricata/commit/311002baf288a225f62cf18a90c5fdd294447379", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/OISF/suricata/commit/311002baf288a225f62cf18a90c5fdd294447379" }, { "name": 
"https://github.com/OISF/suricata/commit/d5ffecf11ad2c6fe89265e518f5d7443caf26ba4", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/OISF/suricata/commit/d5ffecf11ad2c6fe89265e518f5d7443caf26ba4" } ], "source": { "advisory": "GHSA-79vh-hpwq-3jh7", "discovery": "UNKNOWN" }, "title": "Suricata\u0027s base64 contains an out of bounds write" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-32664", "datePublished": "2024-05-07T14:57:01.967Z", "dateReserved": "2024-04-16T14:15:26.878Z", "dateUpdated": "2024-08-02T02:13:40.336Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-10050
Vulnerability from cvelistv5
Published
2019-05-13 16:18
Modified
2024-08-04 22:10
Summary
A buffer over-read issue was discovered in Suricata 4.1.x before 4.1.4. If the input of the decode-mpls.c function DecodeMPLS is composed only of a packet of source address and destination address plus the correct type field and the right number for shim, an attacker can manipulate the control flow, such that the condition to leave the loop is true. After leaving the loop, the network packet has a length of 2 bytes. There is no validation of this length. Later on, the code tries to read at an empty position, leading to a crash.
References
▼ | URL | Tags |
---|---|---|
https://lists.openinfosecfoundation.org/pipermail/oisf-announce/ | x_refsource_MISC | |
https://suricata-ids.org/2019/04/30/suricata-4-1-4-released/ | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T22:10:09.210Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://lists.openinfosecfoundation.org/pipermail/oisf-announce/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://suricata-ids.org/2019/04/30/suricata-4-1-4-released/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2019-04-30T00:00:00", "descriptions": [ { "lang": "en", "value": "A buffer over-read issue was discovered in Suricata 4.1.x before 4.1.4. If the input of the decode-mpls.c function DecodeMPLS is composed only of a packet of source address and destination address plus the correct type field and the right number for shim, an attacker can manipulate the control flow, such that the condition to leave the loop is true. After leaving the loop, the network packet has a length of 2 bytes. There is no validation of this length. Later on, the code tries to read at an empty position, leading to a crash." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-05-13T16:18:52", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://lists.openinfosecfoundation.org/pipermail/oisf-announce/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://suricata-ids.org/2019/04/30/suricata-4-1-4-released/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-10050", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A buffer over-read issue was discovered in Suricata 4.1.x before 4.1.4. If the input of the decode-mpls.c function DecodeMPLS is composed only of a packet of source address and destination address plus the correct type field and the right number for shim, an attacker can manipulate the control flow, such that the condition to leave the loop is true. After leaving the loop, the network packet has a length of 2 bytes. There is no validation of this length. Later on, the code tries to read at an empty position, leading to a crash." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://lists.openinfosecfoundation.org/pipermail/oisf-announce/", "refsource": "MISC", "url": "https://lists.openinfosecfoundation.org/pipermail/oisf-announce/" }, { "name": "https://suricata-ids.org/2019/04/30/suricata-4-1-4-released/", "refsource": "MISC", "url": "https://suricata-ids.org/2019/04/30/suricata-4-1-4-released/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-10050", "datePublished": "2019-05-13T16:18:52", "dateReserved": "2019-03-25T00:00:00", "dateUpdated": "2024-08-04T22:10:09.210Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-35853
Vulnerability from cvelistv5
Published
2023-06-19 00:00
Modified
2024-12-11 17:04
Summary
In Suricata before 6.0.13, an adversary who controls an external source of Lua rules may be able to execute Lua code. This is addressed in 6.0.13 by disabling Lua unless allow-rules is true in the security lua configuration section.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:30:45.383Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/OISF/suricata/compare/suricata-6.0.12...suricata-6.0.13" }, { "tags": [ "x_transferred" ], "url": "https://www.stamus-networks.com/stamus-labs" }, { "tags": [ "x_transferred" ], "url": "https://github.com/OISF/suricata/commit/b95bbcc66db526ffcc880eb439dbe8abc87a81da" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-35853", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-12-11T17:00:05.266506Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-11T17:04:00.808Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In Suricata before 6.0.13, an adversary who controls an external source of Lua rules may be able to execute Lua code. This is addressed in 6.0.13 by disabling Lua unless allow-rules is true in the security lua configuration section." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-19T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/OISF/suricata/compare/suricata-6.0.12...suricata-6.0.13" }, { "url": "https://www.stamus-networks.com/stamus-labs" }, { "url": "https://github.com/OISF/suricata/commit/b95bbcc66db526ffcc880eb439dbe8abc87a81da" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-35853", "datePublished": "2023-06-19T00:00:00", "dateReserved": "2023-06-19T00:00:00", "dateUpdated": "2024-12-11T17:04:00.808Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-45796
Vulnerability from cvelistv5
Published
2024-10-16 18:41
Modified
2024-10-17 17:16
Summary
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, a logic error during fragment reassembly can lead to failed reassembly for valid traffic. An attacker could craft packets to trigger this behavior. This issue has been addressed in 7.0.7.
References
▼ | URL | Tags |
---|---|---|
https://github.com/OISF/suricata/security/advisories/GHSA-mf6r-3xp2-v7xg | x_refsource_CONFIRM | |
https://redmine.openinfosecfoundation.org/issues/7067 | x_refsource_MISC |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "suricata", "vendor": "oisf", "versions": [ { "lessThan": "7.0.7", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-45796", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-17T17:15:59.665953Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-17T17:16:06.095Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "suricata", "vendor": "OISF", "versions": [ { "status": "affected", "version": "\u003c 7.0.7" } ] } ], "descriptions": [ { "lang": "en", "value": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, a logic error during fragment reassembly can lead to failed reassembly for valid traffic. An attacker could craft packets to trigger this behavior.This issue has been addressed in 7.0.7." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-193", "description": "CWE-193: Off-by-one Error", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-16T18:41:43.559Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/OISF/suricata/security/advisories/GHSA-mf6r-3xp2-v7xg", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/OISF/suricata/security/advisories/GHSA-mf6r-3xp2-v7xg" }, { "name": "https://redmine.openinfosecfoundation.org/issues/7067", "tags": [ "x_refsource_MISC" ], "url": "https://redmine.openinfosecfoundation.org/issues/7067" } ], "source": { "advisory": "GHSA-mf6r-3xp2-v7xg", "discovery": "UNKNOWN" }, "title": "Suricata defrag: off by one can lead to policy bypass" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-45796", "datePublished": "2024-10-16T18:41:43.559Z", "dateReserved": "2024-09-09T14:23:07.502Z", "dateUpdated": "2024-10-17T17:16:06.095Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-55627
Vulnerability from cvelistv5
Published
2025-01-06 17:50
Modified
2025-01-06 19:15
Summary
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, a specially crafted TCP stream can lead to a very large buffer overflow while being zero-filled during initialization with memset due to an unsigned integer underflow. The issue has been addressed in Suricata 7.0.8.
References
▼ | URL | Tags |
---|---|---|
https://github.com/OISF/suricata/security/advisories/GHSA-h2mv-7gg8-8x7v | x_refsource_CONFIRM | |
https://github.com/OISF/suricata/commit/282509f70c4ce805098e59535af445362e3e9ebd | x_refsource_MISC | |
https://github.com/OISF/suricata/commit/8900041405dbb5f9584edae994af2100733fb4be | x_refsource_MISC | |
https://github.com/OISF/suricata/commit/9a53ec43b13f0039a083950511a18bf6f408e432 | x_refsource_MISC | |
https://redmine.openinfosecfoundation.org/issues/7393 | x_refsource_MISC |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-55627", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-06T19:15:00.575209Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-06T19:15:13.448Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "suricata", "vendor": "OISF", "versions": [ { "status": "affected", "version": "\u003c 7.0.8" } ] } ], "descriptions": [ { "lang": "en", "value": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, a specially crafted TCP stream can lead to a very large buffer overflow while being zero-filled during initialization with memset due to an unsigned integer underflow. The issue has been addressed in Suricata 7.0.8." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-191", "description": "CWE-191: Integer Underflow (Wrap or Wraparound)", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-06T17:50:41.554Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/OISF/suricata/security/advisories/GHSA-h2mv-7gg8-8x7v", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/OISF/suricata/security/advisories/GHSA-h2mv-7gg8-8x7v" }, { "name": "https://github.com/OISF/suricata/commit/282509f70c4ce805098e59535af445362e3e9ebd", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/OISF/suricata/commit/282509f70c4ce805098e59535af445362e3e9ebd" }, { "name": "https://github.com/OISF/suricata/commit/8900041405dbb5f9584edae994af2100733fb4be", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/OISF/suricata/commit/8900041405dbb5f9584edae994af2100733fb4be" }, { "name": "https://github.com/OISF/suricata/commit/9a53ec43b13f0039a083950511a18bf6f408e432", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/OISF/suricata/commit/9a53ec43b13f0039a083950511a18bf6f408e432" }, { "name": "https://redmine.openinfosecfoundation.org/issues/7393", "tags": [ "x_refsource_MISC" ], "url": "https://redmine.openinfosecfoundation.org/issues/7393" } ], "source": { "advisory": "GHSA-h2mv-7gg8-8x7v", "discovery": "UNKNOWN" }, "title": "Suricata segfault on 
StreamingBufferSlideToOffsetWithRegions" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-55627", "datePublished": "2025-01-06T17:50:41.554Z", "dateReserved": "2024-12-09T17:48:05.556Z", "dateUpdated": "2025-01-06T19:15:13.448Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-37592
Vulnerability from cvelistv5
Published
2021-11-19 14:18
Modified
2024-08-04 01:23
Severity ?
EPSS score ?
Summary
Suricata before 5.0.8 and 6.x before 6.0.4 allows TCP evasion via a client with a crafted TCP/IP stack that can send a certain sequence of segments.
References
▼ | URL | Tags |
---|---|---|
https://github.com/OISF/suricata/releases | x_refsource_MISC | |
https://forum.suricata.io/t/suricata-6-0-4-and-5-0-8-released/1942 | x_refsource_CONFIRM | |
https://redmine.openinfosecfoundation.org/issues/4569 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:23:01.225Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/OISF/suricata/releases" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://forum.suricata.io/t/suricata-6-0-4-and-5-0-8-released/1942" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://redmine.openinfosecfoundation.org/issues/4569" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Suricata before 5.0.8 and 6.x before 6.0.4 allows TCP evasion via a client with a crafted TCP/IP stack that can send a certain sequence of segments." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-11-19T14:18:58", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/OISF/suricata/releases" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://forum.suricata.io/t/suricata-6-0-4-and-5-0-8-released/1942" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://redmine.openinfosecfoundation.org/issues/4569" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-37592", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Suricata before 5.0.8 and 6.x before 6.0.4 allows TCP evasion via a client with a crafted 
TCP/IP stack that can send a certain sequence of segments." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/OISF/suricata/releases", "refsource": "MISC", "url": "https://github.com/OISF/suricata/releases" }, { "name": "https://forum.suricata.io/t/suricata-6-0-4-and-5-0-8-released/1942", "refsource": "CONFIRM", "url": "https://forum.suricata.io/t/suricata-6-0-4-and-5-0-8-released/1942" }, { "name": "https://redmine.openinfosecfoundation.org/issues/4569", "refsource": "CONFIRM", "url": "https://redmine.openinfosecfoundation.org/issues/4569" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-37592", "datePublished": "2021-11-19T14:18:58", "dateReserved": "2021-07-27T00:00:00", "dateUpdated": "2024-08-04T01:23:01.225Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-28870
Vulnerability from cvelistv5
Published
2024-04-03 21:13
Modified
2024-08-02 00:56
Severity ?
EPSS score ?
Summary
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine developed by the OISF and the Suricata community. When parsing an overly long SSH banner, Suricata can use excessive CPU resources, as well as cause excessive logging volume in alert records. This issue has been patched in versions 6.0.17 and 7.0.4.
References
▼ | URL | Tags |
---|---|---|
https://github.com/OISF/suricata/security/advisories/GHSA-mhhx-xw7r-r5c8 | x_refsource_CONFIRM |
Impacted products
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "suricata", "vendor": "oisf", "versions": [ { "lessThanOrEqual": "6.0.16", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThanOrEqual": "7.0.3", "status": "affected", "version": "7.0.0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-28870", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-29T15:03:26.307651Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-29T15:04:51.940Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:56:58.358Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/OISF/suricata/security/advisories/GHSA-mhhx-xw7r-r5c8", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/OISF/suricata/security/advisories/GHSA-mhhx-xw7r-r5c8" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "suricata", "vendor": "OISF", "versions": [ { "status": "affected", "version": "\u003c= 6.0.16" }, { "status": "affected", "version": "\u003e= 7.0.0, \u003c= 7.0.3" } ] } ], "descriptions": [ { "lang": "en", "value": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine developed by the OISF and the Suricata community. When parsing an overly long SSH banner, Suricata can use excessive CPU resources, as well as cause excessive logging volume in alert records. 
This issue has been patched in versions 6.0.17 and 7.0.4.\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-770", "description": "CWE-770: Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-04-03T21:13:48.470Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/OISF/suricata/security/advisories/GHSA-mhhx-xw7r-r5c8", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/OISF/suricata/security/advisories/GHSA-mhhx-xw7r-r5c8" } ], "source": { "advisory": "GHSA-mhhx-xw7r-r5c8", "discovery": "UNKNOWN" }, "title": "Suricata uses excessive resource use in malformed ssh traffic parsing" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-28870", "datePublished": "2024-04-03T21:13:48.470Z", "dateReserved": "2024-03-11T22:45:07.688Z", "dateUpdated": "2024-08-02T00:56:58.358Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd
Published
2023-06-19 04:15
Modified
2024-11-21 08:08
Severity ?
Summary
In Suricata before 6.0.13 (when an adversary controls an external source of rules), a dataset filename that comes from a rule may trigger absolute or relative directory traversal and lead to write access to a local filesystem. This is addressed in 6.0.13 by requiring allow-absolute-filenames and allow-write (in the datasets rules configuration section) if an installation requires traversal/writing in this situation.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*", "matchCriteriaId": "1FDDE2F7-D633-4FBC-8EE1-6145A82AC02F", "versionEndExcluding": "6.0.13", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In Suricata before 6.0.13 (when there is an adversary who controls an external source of rules), a dataset filename, that comes from a rule, may trigger absolute or relative directory traversal, and lead to write access to a local filesystem. This is addressed in 6.0.13 by requiring allow-absolute-filenames and allow-write (in the datasets rules configuration section) if an installation requires traversal/writing in this situation." }, { "lang": "es", "value": "En Suricata antes de la versi\u00f3n 6.0.13 (cuando hay un adversario que controla una fuente externa de reglas), un nombre de archivo de conjunto de datos, que proviene de una regla, puede desencadenar el salto de directorios absolutos o relativos, y conducir al acceso de escritura a un sistema de archivos local. Esto se soluciona en 6.0.13 requiriendo \"allow-absolute-filenames\" y \"allow-write\" (en la secci\u00f3n de configuraci\u00f3n de reglas de conjuntos de datos) si una instalaci\u00f3n requiere saltar/escribir en esta situaci\u00f3n. 
" } ], "id": "CVE-2023-35852", "lastModified": "2024-11-21T08:08:49.503", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-06-19T04:15:11.217", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://github.com/OISF/suricata/commit/735f5aa9ca3b28cfacc7a443f93a44387fbacf17" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://github.com/OISF/suricata/commit/aee1523b4591430ebed1ded0bb95508e6717a335" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://github.com/OISF/suricata/compare/suricata-6.0.12...suricata-6.0.13" }, { "source": "cve@mitre.org", "tags": [ "Not Applicable" ], "url": "https://www.stamus-networks.com/stamus-labs" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/OISF/suricata/commit/735f5aa9ca3b28cfacc7a443f93a44387fbacf17" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/OISF/suricata/commit/aee1523b4591430ebed1ded0bb95508e6717a335" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://github.com/OISF/suricata/compare/suricata-6.0.12...suricata-6.0.13" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Not Applicable" ], "url": "https://www.stamus-networks.com/stamus-labs" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", "type": "Primary" } 
] }
Vulnerability from fkie_nvd
Published
2019-04-04 15:29
Modified
2024-11-21 03:41
Severity ?
Summary
Suricata version 4.0.4 incorrectly handles the parsing of the SSH banner. A malformed SSH banner can cause the parsing code to read beyond the allocated data because SSHParseBanner in app-layer-ssh.c lacks a length check.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2019/04/msg00010.html | Third Party Advisory | |
cve@mitre.org | https://suricata-ids.org/2018/07/18/suricata-4-0-5-available/ | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2019/04/msg00010.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://suricata-ids.org/2018/07/18/suricata-4-0-5-available/ | Release Notes, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
oisf | suricata | 4.0.4 | |
debian | debian_linux | 8.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oisf:suricata:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "E70E3C16-A589-4B73-8B36-F3924DDF5F31", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Suricata version 4.0.4 incorrectly handles the parsing of the SSH banner. A malformed SSH banner can cause the parsing code to read beyond the allocated data because SSHParseBanner in app-layer-ssh.c lacks a length check." }, { "lang": "es", "value": "La versi\u00f3n 4.0.4 de Suricata gestiona de manera incorrecta el an\u00e1lisis del banner SSH. Un banner SSH mal formado puede hacer que el c\u00f3digo de an\u00e1lisis lea m\u00e1s all\u00e1 de los datos asignados porque SSHParseBanner en app-layer-ssh.c carece de comprobaci\u00f3n de longitud." 
} ], "id": "CVE-2018-10242", "lastModified": "2024-11-21T03:41:05.650", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-04-04T15:29:00.377", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00010.html" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://suricata-ids.org/2018/07/18/suricata-4-0-5-available/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00010.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://suricata-ids.org/2018/07/18/suricata-4-0-5-available/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "nvd@nist.gov", "type": 
"Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-05-07 15:15
Modified
2024-12-19 19:46
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
7.3 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
7.3 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Summary
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, specially crafted traffic or datasets can cause a limited buffer overflow. This vulnerability is fixed in 7.0.5 and 6.0.19. Workarounds include not using rules that have the `base64_decode` keyword with a `bytes` option value of 1, 2 or 5 and, for 7.0.x, setting `app-layer.protocols.smtp.mime.body-md5` to false.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*", "matchCriteriaId": "0D75940C-F39A-466B-9E79-D2E19DA182C5", "versionEndExcluding": "6.0.19", "versionStartIncluding": "6.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*", "matchCriteriaId": "A158A8DB-3609-488B-B986-52575C649704", "versionEndExcluding": "7.0.5", "versionStartIncluding": "7.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, specially crafted traffic or datasets can cause a limited buffer overflow. This vulnerability is fixed in 7.0.5 and 6.0.19. Workarounds include not use rules with `base64_decode` keyword with `bytes` option with value 1, 2 or 5 and for 7.0.x, setting `app-layer.protocols.smtp.mime.body-md5` to false." }, { "lang": "es", "value": "Suricata es un sistema de detecci\u00f3n de intrusiones en la red, un sistema de prevenci\u00f3n de intrusiones y un motor de monitoreo de seguridad de la red. Antes de 7.0.5 y 6.0.19, el tr\u00e1fico o los conjuntos de datos especialmente manipulados pueden provocar un desbordamiento limitado del b\u00fafer. Esta vulnerabilidad se solucion\u00f3 en 7.0.5 y 6.0.19. Los workarounds incluyen no usar reglas con la palabra clave `base64_decode` con la opci\u00f3n `bytes` con valor 1, 2 o 5 y para 7.0.x, establecer `app-layer.protocols.smtp.mime.body-md5` en falso." 
} ], "id": "CVE-2024-32664", "lastModified": "2024-12-19T19:46:05.803", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-05-07T15:15:08.937", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/OISF/suricata/commit/311002baf288a225f62cf18a90c5fdd294447379" }, { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/OISF/suricata/commit/d5ffecf11ad2c6fe89265e518f5d7443caf26ba4" }, { "source": "security-advisories@github.com", "tags": [ "Mitigation", "Vendor Advisory" ], "url": "https://github.com/OISF/suricata/security/advisories/GHSA-79vh-hpwq-3jh7" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/OISF/suricata/commit/311002baf288a225f62cf18a90c5fdd294447379" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/OISF/suricata/commit/d5ffecf11ad2c6fe89265e518f5d7443caf26ba4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ 
"Mitigation", "Vendor Advisory" ], "url": "https://github.com/OISF/suricata/security/advisories/GHSA-79vh-hpwq-3jh7" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-120" }, { "lang": "en", "value": "CWE-122" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-120" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-05-13 17:29
Modified
2024-11-21 04:18
Severity ?
Summary
A buffer over-read issue was discovered in Suricata 4.1.x before 4.1.4. If the input of the decode-mpls.c function DecodeMPLS is composed only of a packet of source address and destination address plus the correct type field and the right number for shim, an attacker can manipulate the control flow, such that the condition to leave the loop is true. After leaving the loop, the network packet has a length of 2 bytes. There is no validation of this length. Later on, the code tries to read at an empty position, leading to a crash.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://lists.openinfosecfoundation.org/pipermail/oisf-announce/ | Third Party Advisory | |
cve@mitre.org | https://suricata-ids.org/2019/04/30/suricata-4-1-4-released/ | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.openinfosecfoundation.org/pipermail/oisf-announce/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://suricata-ids.org/2019/04/30/suricata-4-1-4-released/ | Patch, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*", "matchCriteriaId": "F301FC21-7AD7-46B5-B85C-FCB0C5B3DBF5", "versionEndExcluding": "4.1.4", "versionStartIncluding": "4.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A buffer over-read issue was discovered in Suricata 4.1.x before 4.1.4. If the input of the decode-mpls.c function DecodeMPLS is composed only of a packet of source address and destination address plus the correct type field and the right number for shim, an attacker can manipulate the control flow, such that the condition to leave the loop is true. After leaving the loop, the network packet has a length of 2 bytes. There is no validation of this length. Later on, the code tries to read at an empty position, leading to a crash." }, { "lang": "es", "value": "Se descubri\u00f3 un problema de sobrelectura de b\u00fafer en Suricata, versiones 4.1.x anteriores a 4.1.4. Si la entrada de la funci\u00f3n decode-mpls.c DecodeMPLS est\u00e1 compuesta s\u00f3lo por un paquete de direcci\u00f3n de origen y direcci\u00f3n de destino m\u00e1s el campo de tipo correcto y el n\u00famero correcto de shim, un atacante puede manipular el flujo de control, de tal forma que la condici\u00f3n para abandonar el bucle sea verdadera. Despu\u00e9s de salir del bucle, el paquete de red tiene una longitud de 2 bytes. No hay validaci\u00f3n de esta longitud. M\u00e1s tarde, el c\u00f3digo intenta leer en una posici\u00f3n vac\u00eda, provocando un fallo." 
} ], "id": "CVE-2019-10050", "lastModified": "2024-11-21T04:18:17.057", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-05-13T17:29:02.097", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://lists.openinfosecfoundation.org/pipermail/oisf-announce/" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://suricata-ids.org/2019/04/30/suricata-4-1-4-released/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://lists.openinfosecfoundation.org/pipermail/oisf-announce/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://suricata-ids.org/2019/04/30/suricata-4-1-4-released/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-12-16 05:15
Modified
2024-11-21 06:31
Severity ?
Summary
An issue was discovered in Suricata before 6.0.4. It is possible to bypass/evade any HTTP-based signature by faking an RST TCP packet with random TCP options of the md5header from the client side. After the three-way handshake, it's possible to inject an RST ACK with a random TCP md5header option. Then, the client can send an HTTP GET request with a forbidden URL. The server will ignore the RST ACK and send the response HTTP packet for the client's request. These packets will not trigger a Suricata reject action.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://forum.suricata.io/t/suricata-6-0-4-and-5-0-8-released/1942 | Release Notes, Vendor Advisory | |
cve@mitre.org | https://github.com/OISF/suricata/commit/50e2b973eeec7172991bf8f544ab06fb782b97df | Patch, Third Party Advisory | |
cve@mitre.org | https://github.com/OISF/suricata/releases | Release Notes, Third Party Advisory | |
cve@mitre.org | https://redmine.openinfosecfoundation.org/issues/4710 | Exploit, Issue Tracking, Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://forum.suricata.io/t/suricata-6-0-4-and-5-0-8-released/1942 | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/OISF/suricata/commit/50e2b973eeec7172991bf8f544ab06fb782b97df | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/OISF/suricata/releases | Release Notes, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://redmine.openinfosecfoundation.org/issues/4710 | Exploit, Issue Tracking, Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
oisf | suricata | * | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 | |
debian | debian_linux | 11.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*", "matchCriteriaId": "58D90161-8343-4EB0-BF64-2EEFFABDCEE6", "versionEndExcluding": "6.0.4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Suricata before 6.0.4. It is possible to bypass/evade any HTTP-based signature by faking an RST TCP packet with random TCP options of the md5header from the client side. After the three-way handshake, it\u0027s possible to inject an RST ACK with a random TCP md5header option. Then, the client can send an HTTP GET request with a forbidden URL. The server will ignore the RST ACK and send the response HTTP packet for the client\u0027s request. These packets will not trigger a Suricata reject action." }, { "lang": "es", "value": "Se ha detectado un problema en Suricata versiones anteriores a 6.0.4. Es posible omitir/evadir cualquier firma basada en HTTP al falsificar un paquete RST TCP con opciones TCP aleatorias del md5header desde el lado del cliente. Despu\u00e9s del handshake de tres v\u00edas, es posible inyectar un RST ACK con una opci\u00f3n TCP md5header aleatoria. Entonces, el cliente puede enviar una petici\u00f3n HTTP GET con una URL prohibida. El servidor ignorar\u00e1 el RST ACK y enviar\u00e1 el paquete HTTP de respuesta para la petici\u00f3n del cliente. 
Estos paquetes no desencadenar\u00e1n una acci\u00f3n de rechazo de Suricata" } ], "id": "CVE-2021-45098", "lastModified": "2024-11-21T06:31:57.093", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-12-16T05:15:08.727", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://forum.suricata.io/t/suricata-6-0-4-and-5-0-8-released/1942" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/OISF/suricata/commit/50e2b973eeec7172991bf8f544ab06fb782b97df" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Third Party Advisory" ], "url": "https://github.com/OISF/suricata/releases" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Issue Tracking", "Patch", "Vendor Advisory" ], "url": "https://redmine.openinfosecfoundation.org/issues/4710" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": 
"https://forum.suricata.io/t/suricata-6-0-4-and-5-0-8-released/1942" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/OISF/suricata/commit/50e2b973eeec7172991bf8f544ab06fb782b97df" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Third Party Advisory" ], "url": "https://github.com/OISF/suricata/releases" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Patch", "Vendor Advisory" ], "url": "https://redmine.openinfosecfoundation.org/issues/4710" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-10-16 19:15
Modified
2024-10-22 13:48
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, missing initialization of the random seed for "thash" leads to datasets having predictable hash table behavior. This can cause dataset file loading to take excessive time, as well as runtime performance issues during traffic handling. This issue has been addressed in 7.0.7. As a workaround, avoid loading datasets from untrusted sources. Also avoid dataset rules that track traffic.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*", "matchCriteriaId": "444932ED-FCA1-4C9B-90CE-C3EEFAAA9DB2", "versionEndExcluding": "7.0.7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, missing initialization of the random seed for \"thash\" leads to datasets having predictable hash table behavior. This can lead to dataset file loading to use excessive time to load, as well as runtime performance issues during traffic handling. This issue has been addressed in 7.0.7. As a workaround, avoid loading datasets from untrusted sources. Avoid dataset rules that track traffic in rules." }, { "lang": "es", "value": "Suricata es un sistema de detecci\u00f3n de intrusiones, un sistema de prevenci\u00f3n de intrusiones y un motor de monitoreo de seguridad de red. Antes de la versi\u00f3n 7.0.7, la falta de inicializaci\u00f3n de la semilla aleatoria para \"thash\" provocaba que los conjuntos de datos tuvieran un comportamiento de tabla hash predecible. Esto puede provocar que la carga de archivos de conjuntos de datos utilice un tiempo excesivo para cargarse, as\u00ed como problemas de rendimiento en tiempo de ejecuci\u00f3n durante el manejo del tr\u00e1fico. Este problema se ha solucionado en la versi\u00f3n 7.0.7. Como workaround, evite cargar conjuntos de datos de fuentes no confiables. Evite las reglas de conjuntos de datos que rastrean el tr\u00e1fico en las reglas." 
} ], "id": "CVE-2024-47187", "lastModified": "2024-10-22T13:48:59.893", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-10-16T19:15:27.407", "references": [ { "source": "security-advisories@github.com", "tags": [ "Third Party Advisory" ], "url": "https://github.com/OISF/suricata/security/advisories/GHSA-64ww-4f6x-863p" }, { "source": "security-advisories@github.com", "tags": [ "Issue Tracking" ], "url": "https://redmine.openinfosecfoundation.org/issues/7209" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-330" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-327" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-10-16 19:15
Modified
2024-10-22 13:50
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, missing initialization of the random seed for "thash" leads to byte-range tracking having predictable hash table behavior. This can lead to an attacker forcing lots of data into a single hash bucket, leading to severe performance degradation. This issue has been addressed in 7.0.7.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*", "matchCriteriaId": "444932ED-FCA1-4C9B-90CE-C3EEFAAA9DB2", "versionEndExcluding": "7.0.7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, missing initialization of the random seed for \"thash\" leads to byte-range tracking having predictable hash table behavior. This can lead to an attacker forcing lots of data into a single hash bucket, leading to severe performance degradation. This issue has been addressed in 7.0.7." }, { "lang": "es", "value": "Suricata es un sistema de detecci\u00f3n de intrusiones, un sistema de prevenci\u00f3n de intrusiones y un motor de monitoreo de seguridad de red. Antes de la versi\u00f3n 7.0.7, la falta de inicializaci\u00f3n de la semilla aleatoria para \"thash\" provocaba que el seguimiento del rango de bytes tuviera un comportamiento de tabla hash predecible. Esto puede provocar que un atacante fuerce una gran cantidad de datos en un solo contenedor hash, lo que provoca una degradaci\u00f3n grave del rendimiento. Este problema se ha solucionado en la versi\u00f3n 7.0.7." 
} ], "id": "CVE-2024-47188", "lastModified": "2024-10-22T13:50:17.493", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-10-16T19:15:27.670", "references": [ { "source": "security-advisories@github.com", "tags": [ "Third Party Advisory" ], "url": "https://github.com/OISF/suricata/security/advisories/GHSA-qq5v-qcjx-f872" }, { "source": "security-advisories@github.com", "tags": [ "Issue Tracking" ], "url": "https://redmine.openinfosecfoundation.org/issues/7289" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-330" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-327" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-05-07 15:15
Modified
2024-12-19 19:48
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, various problems in handling of fragmentation anomalies can lead to mis-detection of rules and policy. This vulnerability is fixed in 7.0.5 or 6.0.19.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*", "matchCriteriaId": "0D75940C-F39A-466B-9E79-D2E19DA182C5", "versionEndExcluding": "6.0.19", "versionStartIncluding": "6.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*", "matchCriteriaId": "A158A8DB-3609-488B-B986-52575C649704", "versionEndExcluding": "7.0.5", "versionStartIncluding": "7.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, various problems in handling of fragmentation anomalies can lead to mis-detection of rules and policy. This vulnerability is fixed in 7.0.5 or 6.0.19." }, { "lang": "es", "value": "Suricata es un sistema de detecci\u00f3n de intrusiones en la red, un sistema de prevenci\u00f3n de intrusiones y un motor de monitoreo de seguridad de la red. Antes de 7.0.5 y 6.0.19, varios problemas en el manejo de anomal\u00edas de fragmentaci\u00f3n pueden provocar una detecci\u00f3n err\u00f3nea de reglas y pol\u00edticas. Esta vulnerabilidad se solucion\u00f3 en 7.0.5 o 6.0.19." 
} ], "id": "CVE-2024-32867", "lastModified": "2024-12-19T19:48:46.393", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-05-07T15:15:09.143", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/OISF/suricata/commit/1e110d0a71db46571040b937e17a4bc9f91d6de9" }, { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/OISF/suricata/commit/2f39ba75f153ba9bdf8eedc2a839cc973dbaea66" }, { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/OISF/suricata/commit/414f97c6695c5a2e1d378a36a6f50d7288767634" }, { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/OISF/suricata/commit/bf3d420fb709ebe074019a99e3bd3a2364524a4b" }, { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/OISF/suricata/commit/d13bd2ae217a6d2ceb347f74d27cbfcd37b9bda9" }, { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": 
"https://github.com/OISF/suricata/commit/e6267758ed5da27f804f0c1c07f9423bdf4d72b8" }, { "source": "security-advisories@github.com", "tags": [ "Vendor Advisory" ], "url": "https://github.com/OISF/suricata/security/advisories/GHSA-xvrx-88mv-xcq5" }, { "source": "security-advisories@github.com", "tags": [ "Issue Tracking" ], "url": "https://redmine.openinfosecfoundation.org/issues/6672" }, { "source": "security-advisories@github.com", "tags": [ "Issue Tracking" ], "url": "https://redmine.openinfosecfoundation.org/issues/6673" }, { "source": "security-advisories@github.com", "tags": [ "Issue Tracking" ], "url": "https://redmine.openinfosecfoundation.org/issues/6677" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/OISF/suricata/commit/1e110d0a71db46571040b937e17a4bc9f91d6de9" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/OISF/suricata/commit/2f39ba75f153ba9bdf8eedc2a839cc973dbaea66" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/OISF/suricata/commit/414f97c6695c5a2e1d378a36a6f50d7288767634" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/OISF/suricata/commit/bf3d420fb709ebe074019a99e3bd3a2364524a4b" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/OISF/suricata/commit/d13bd2ae217a6d2ceb347f74d27cbfcd37b9bda9" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/OISF/suricata/commit/e6267758ed5da27f804f0c1c07f9423bdf4d72b8" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://github.com/OISF/suricata/security/advisories/GHSA-xvrx-88mv-xcq5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking" ], "url": "https://redmine.openinfosecfoundation.org/issues/6672" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking" ], "url": "https://redmine.openinfosecfoundation.org/issues/6673" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking" ], "url": "https://redmine.openinfosecfoundation.org/issues/6677" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-754" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-754" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-07-11 15:15
Modified
2024-11-21 09:26
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Crafted modbus traffic can lead to unlimited resource accumulation within a flow. Upgrade to 7.0.6. As a mitigation, set a limited stream.reassembly.depth to reduce the issue.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*", "matchCriteriaId": "9B17F0F5-06E7-4E0E-B29B-22B0E159CCA7", "versionEndExcluding": "7.0.6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Crafted modbus traffic can lead to unlimited resource accumulation within a flow. Upgrade to 7.0.6. Set a limited stream.reassembly.depth to reduce the issue." }, { "lang": "es", "value": "Suricata es un sistema de detecci\u00f3n de intrusiones en la red, un sistema de prevenci\u00f3n de intrusiones y un motor de monitoreo de seguridad de la red. El tr\u00e1fico modbus manipulado puede generar una acumulaci\u00f3n ilimitada de recursos dentro de un flujo. Actualice a 7.0.6. Establezca una profundidad de reensamblaje de flujo limitada para reducir el problema." 
} ], "id": "CVE-2024-38534", "lastModified": "2024-11-21T09:26:14.133", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-07-11T15:15:12.350", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/OISF/suricata/commit/a753cdbe84caee3b66d0bf49b2712d29a50d67ae" }, { "source": "security-advisories@github.com", "tags": [ "Vendor Advisory" ], "url": "https://github.com/OISF/suricata/security/advisories/GHSA-59qg-h357-69fq" }, { "source": "security-advisories@github.com", "tags": [ "Issue Tracking" ], "url": "https://redmine.openinfosecfoundation.org/issues/6987" }, { "source": "security-advisories@github.com", "tags": [ "Issue Tracking" ], "url": "https://redmine.openinfosecfoundation.org/issues/6988" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/OISF/suricata/commit/a753cdbe84caee3b66d0bf49b2712d29a50d67ae" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": 
"https://github.com/OISF/suricata/security/advisories/GHSA-59qg-h357-69fq" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking" ], "url": "https://redmine.openinfosecfoundation.org/issues/6987" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking" ], "url": "https://redmine.openinfosecfoundation.org/issues/6988" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-770" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-770" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-07-18 19:15
Modified
2024-11-21 04:18
Severity ?
Summary
Open Information Security Foundation Suricata prior to version 4.1.3 is affected by: Denial of Service - TCP/HTTP detection bypass. The impact is: An attacker can evade a signature detection with a specially formed sequence of network packets. The component is: detect.c (https://github.com/OISF/suricata/pull/3625/commits/d8634daf74c882356659addb65fb142b738a186b). The attack vector is: An attacker can trigger the vulnerability by a specifically crafted network TCP session. The fixed version is: 4.1.3.
References
▼ | URL | Tags | |
---|---|---|---|
josh@bress.net | https://github.com/OISF/suricata/pull/3625 | Third Party Advisory | |
josh@bress.net | https://github.com/OISF/suricata/pull/3625/commits/d8634daf74c882356659addb65fb142b738a186b | Patch, Third Party Advisory | |
josh@bress.net | https://redmine.openinfosecfoundation.org/issues/2770 | Exploit, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/OISF/suricata/pull/3625 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/OISF/suricata/pull/3625/commits/d8634daf74c882356659addb65fb142b738a186b | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://redmine.openinfosecfoundation.org/issues/2770 | Exploit, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*", "matchCriteriaId": "A9C3BA5C-868A-42AC-B9EE-D98E7E122D6D", "versionEndExcluding": "4.1.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Open Information Security Foundation Suricata prior to version 4.1.3 is affected by: Denial of Service - TCP/HTTP detection bypass. The impact is: An attacker can evade a signature detection with a specialy formed sequence of network packets. The component is: detect.c (https://github.com/OISF/suricata/pull/3625/commits/d8634daf74c882356659addb65fb142b738a186b). The attack vector is: An attacker can trigger the vulnerability by a specifically crafted network TCP session. The fixed version is: 4.1.3." }, { "lang": "es", "value": "Open Information Security Foundation Suricata en versiones anteriores a la 4.1.3 se ve afectada por: Denegaci\u00f3n de servicio: omisi\u00f3n de detecci\u00f3n de TCP/HTTP. El impacto es: un atacante puede evadir una detecci\u00f3n de firmas con una secuencia especialmente formada de paquetes de red. El componente es: detect.c (https://github.com/OISF/suricata/pull/3625/commits/d8634daf74c882356659addb65fb142b738a186b). El vector de ataque es: Un atacante puede activar la vulnerabilidad mediante una sesi\u00f3n TCP de red espec\u00edficamente dise\u00f1ada. La versi\u00f3n corregida es: 4.1.3." 
} ], "id": "CVE-2019-1010279", "lastModified": "2024-11-21T04:18:07.143", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-07-18T19:15:11.317", "references": [ { "source": "josh@bress.net", "tags": [ "Third Party Advisory" ], "url": "https://github.com/OISF/suricata/pull/3625" }, { "source": "josh@bress.net", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/OISF/suricata/pull/3625/commits/d8634daf74c882356659addb65fb142b738a186b" }, { "source": "josh@bress.net", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://redmine.openinfosecfoundation.org/issues/2770" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/OISF/suricata/pull/3625" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/OISF/suricata/pull/3625/commits/d8634daf74c882356659addb65fb142b738a186b" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://redmine.openinfosecfoundation.org/issues/2770" } ], "sourceIdentifier": "josh@bress.net", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-347" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-05-30 14:55
Modified
2024-11-21 01:58
Severity ?
Summary
Suricata before 1.4.6 allows remote attackers to cause a denial of service (crash) via a malformed SSL record.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
oisf | suricata | 1.3 | |
oisf | suricata | 1.3 | |
oisf | suricata | 1.3 | |
oisf | suricata | 1.3.1 | |
oisf | suricata | 1.3.2 | |
oisf | suricata | 1.3.3 | |
oisf | suricata | 1.3.4 | |
oisf | suricata | 1.3.5 | |
oisf | suricata | 1.3.6 | |
oisf | suricata | 1.4 | |
oisf | suricata | 1.4 | |
oisf | suricata | 1.4 | |
oisf | suricata | 1.4 | |
oisf | suricata | 1.4.1 | |
oisf | suricata | 1.4.2 | |
oisf | suricata | 1.4.3 | |
oisf | suricata | 1.4.4 | |
openinfosecfoundation | suricata | * | |
openinfosecfoundation | suricata | 1.4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oisf:suricata:1.3:beta2:*:*:*:*:*:*", "matchCriteriaId": "6AE9A26B-52F4-4732-A22B-90F763DB13B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:oisf:suricata:1.3:beta3:*:*:*:*:*:*", "matchCriteriaId": "7C98C6B6-3CC3-4D6B-B569-6E46EA170658", "vulnerable": true }, { "criteria": "cpe:2.3:a:oisf:suricata:1.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "EC2FC97D-56ED-4F7C-9F4A-3F1B73B5AABF", "vulnerable": true }, { "criteria": "cpe:2.3:a:oisf:suricata:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "6FE08247-BC07-4968-BFE0-491D761BD438", "vulnerable": true }, { "criteria": "cpe:2.3:a:oisf:suricata:1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "E768D8A2-18A9-4CA7-96E2-FF3393A380A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:oisf:suricata:1.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "3EE65908-798A-4872-BD17-F42CA1C33898", "vulnerable": true }, { "criteria": "cpe:2.3:a:oisf:suricata:1.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "BBFF0E62-6B39-4562-A261-1C3E3A587977", "vulnerable": true }, { "criteria": "cpe:2.3:a:oisf:suricata:1.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "0BEFC8EC-9C9C-49D9-93DE-D5D091709E32", "vulnerable": true }, { "criteria": "cpe:2.3:a:oisf:suricata:1.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "0CD31DFD-F92C-4535-88AE-41E3AA402FD4", "vulnerable": true }, { "criteria": "cpe:2.3:a:oisf:suricata:1.4:beta1:*:*:*:*:*:*", "matchCriteriaId": "98C0B959-3F7C-4A6E-ACE5-A34B3AB559B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:oisf:suricata:1.4:beta2:*:*:*:*:*:*", "matchCriteriaId": "94A52C3A-9FB3-4F8F-B406-24F5C8A17675", "vulnerable": true }, { "criteria": "cpe:2.3:a:oisf:suricata:1.4:beta3:*:*:*:*:*:*", "matchCriteriaId": "1B12DAD5-01DE-4270-9F2B-FE4F60DA51C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:oisf:suricata:1.4:rc1:*:*:*:*:*:*", "matchCriteriaId": "48E2FD96-DCC0-45E0-94FE-CA58B4E14740", "vulnerable": true }, { "criteria": "cpe:2.3:a:oisf:suricata:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": 
"2AB6FA42-3CAF-4EAD-8A00-6CC1C41B91F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:oisf:suricata:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "DD7AAB17-29B5-4423-ACCB-6C8A06B0F641", "vulnerable": true }, { "criteria": "cpe:2.3:a:oisf:suricata:1.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "7068B8FB-5689-4A9D-ABFC-D7BE19A0BEFD", "vulnerable": true }, { "criteria": "cpe:2.3:a:oisf:suricata:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "8396101C-CC57-4692-A505-47F30F12647C", "vulnerable": true }, { "criteria": "cpe:2.3:a:openinfosecfoundation:suricata:*:*:*:*:*:*:*:*", "matchCriteriaId": "C221CDA5-C3CF-4015-AEE5-DECC263ACFAB", "versionEndIncluding": "1.4.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:openinfosecfoundation:suricata:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "5EFC9D2C-F02C-4E85-B8B0-8003466F0304", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Suricata before 1.4.6 allows remote attackers to cause a denial of service (crash) via a malformed SSL record." }, { "lang": "es", "value": "Suricata anterior a 1.4.6 permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de un registro SSL malformado." 
} ], "id": "CVE-2013-5919", "lastModified": "2024-11-21T01:58:26.323", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-05-30T14:55:08.397", "references": [ { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/54968" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://suricata-ids.org/2013/09/24/suricata-1-4-6-released/" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87492" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/54968" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://suricata-ids.org/2013/09/24/suricata-1-4-6-released/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87492" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-10-16 19:15
Modified
2024-10-22 13:35
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, rules using datasets with the non-functional / unimplemented "unset" option can trigger an assertion during traffic parsing, leading to denial of service. This issue is addressed in 7.0.7. As a workaround, use only trusted and well-tested rulesets.
References
▼ | URL | Tags | |
---|---|---|---|
security-advisories@github.com | https://github.com/OISF/suricata/security/advisories/GHSA-6r8w-fpw6-cp9g | Third Party Advisory | |
security-advisories@github.com | https://redmine.openinfosecfoundation.org/issues/7195 | Issue Tracking, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*", "matchCriteriaId": "444932ED-FCA1-4C9B-90CE-C3EEFAAA9DB2", "versionEndExcluding": "7.0.7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, rules using datasets with the non-functional / unimplemented \"unset\" option can trigger an assertion during traffic parsing, leading to denial of service. This issue is addressed in 7.0.7. As a workaround, use only trusted and well tested rulesets." }, { "lang": "es", "value": "Suricata es un sistema de detecci\u00f3n de intrusiones, un sistema de prevenci\u00f3n de intrusiones y un motor de monitoreo de seguridad de red. Antes de la versi\u00f3n 7.0.7, las reglas que utilizan conjuntos de datos con la opci\u00f3n \"unset\" no funcional o no implementada pueden activar una aserci\u00f3n durante el an\u00e1lisis del tr\u00e1fico, lo que genera una denegaci\u00f3n de servicio. Este problema se soluciona en la versi\u00f3n 7.0.7. Como workaround, utilice solo conjuntos de reglas confiables y bien probados." 
} ], "id": "CVE-2024-45795", "lastModified": "2024-10-22T13:35:50.963", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-10-16T19:15:26.660", "references": [ { "source": "security-advisories@github.com", "tags": [ "Third Party Advisory" ], "url": "https://github.com/OISF/suricata/security/advisories/GHSA-6r8w-fpw6-cp9g" }, { "source": "security-advisories@github.com", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "https://redmine.openinfosecfoundation.org/issues/7195" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-617" } ], "source": "security-advisories@github.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-11-19 15:15
Modified
2024-11-21 06:15
Severity ?
Summary
Suricata before 5.0.8 and 6.x before 6.0.4 allows TCP evasion via a client with a crafted TCP/IP stack that can send a certain sequence of segments.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://forum.suricata.io/t/suricata-6-0-4-and-5-0-8-released/1942 | Release Notes, Vendor Advisory | |
cve@mitre.org | https://github.com/OISF/suricata/releases | Release Notes, Third Party Advisory | |
cve@mitre.org | https://redmine.openinfosecfoundation.org/issues/4569 | Permissions Required, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://forum.suricata.io/t/suricata-6-0-4-and-5-0-8-released/1942 | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/OISF/suricata/releases | Release Notes, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://redmine.openinfosecfoundation.org/issues/4569 | Permissions Required, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF362ED5-BBB1-4724-A87D-7AC9D90CDA5C", "versionEndExcluding": "5.0.8", "vulnerable": true }, { "criteria": "cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*", "matchCriteriaId": "FB4D0BAA-9C31-430E-A9EA-69A35F74DA62", "versionEndExcluding": "6.0.4", "versionStartIncluding": "6.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Suricata before 5.0.8 and 6.x before 6.0.4 allows TCP evasion via a client with a crafted TCP/IP stack that can send a certain sequence of segments." }, { "lang": "es", "value": "Suricata versiones anteriores a 5.0.8 y versiones 6.x anteriores a 6.0.4, permite una evasi\u00f3n de TCP por medio de un cliente con una pila TCP/IP dise\u00f1ada que puede enviar una determinada secuencia de segmentos" } ], "id": "CVE-2021-37592", "lastModified": "2024-11-21T06:15:28.993", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, 
"impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-11-19T15:15:08.137", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://forum.suricata.io/t/suricata-6-0-4-and-5-0-8-released/1942" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Third Party Advisory" ], "url": "https://github.com/OISF/suricata/releases" }, { "source": "cve@mitre.org", "tags": [ "Permissions Required", "Third Party Advisory" ], "url": "https://redmine.openinfosecfoundation.org/issues/4569" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://forum.suricata.io/t/suricata-6-0-4-and-5-0-8-released/1942" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Third Party Advisory" ], "url": "https://github.com/OISF/suricata/releases" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required", "Third Party Advisory" ], "url": "https://redmine.openinfosecfoundation.org/issues/4569" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-01-06 18:15
Modified
2024-11-21 04:33
Severity ?
Summary
An issue was discovered in Suricata 5.0.0. It is possible to bypass/evade any TCP-based signature by overlapping a TCP segment with a fake FIN packet. The fake FIN packet is injected just before the PUSH ACK packet we want to bypass. The PUSH ACK packet (containing the data) will be ignored by Suricata because it overlaps the FIN packet (the sequence and ack numbers are identical in the two packets). The client will ignore the fake FIN packet because the ACK flag is not set. Both Linux and Windows clients ignore the injected packet.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*", "matchCriteriaId": "FE67AEB2-4237-48F9-97F5-D80071AD27F2", "versionEndExcluding": "4.1.6", "versionStartIncluding": "4.1.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:oisf:suricata:5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "91532ED8-EDCD-4220-9E0F-552B3D3C8AB4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Suricata 5.0.0. It is possible to bypass/evade any tcp based signature by overlapping a TCP segment with a fake FIN packet. The fake FIN packet is injected just before the PUSH ACK packet we want to bypass. The PUSH ACK packet (containing the data) will be ignored by Suricata because it overlaps the FIN packet (the sequence and ack number are identical in the two packets). The client will ignore the fake FIN packet because the ACK flag is not set. Both linux and windows clients are ignoring the injected packet." }, { "lang": "es", "value": "Se descubri\u00f3 un problema en Suricata versi\u00f3n 5.0.0. Es posible omitir y evadir cualquier firma basada en TCP mediante la superposici\u00f3n de un segmento TCP con un paquete FIN falso. El paquete FIN falso es inyectado justo antes del paquete PUSH ACK que queremos omitir. Suricata ignorar\u00e1 el paquete PUSH ACK (que contiene los datos) porque se superpone al paquete FIN (la secuencia y el n\u00famero ack son id\u00e9nticos en los dos paquetes). El cliente ignorar\u00e1 el paquete FIN falso porque el flag ACK no est\u00e1 configurado. Tanto los clientes de Linux y Windows ignoran el paquete inyectado." 
} ], "id": "CVE-2019-18792", "lastModified": "2024-11-21T04:33:34.450", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-01-06T18:15:23.183", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/OISF/suricata/commit/1c63d3905852f746ccde7e2585600b2199cefb4b" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/OISF/suricata/commit/fa692df37a796c3330c81988d15ef1a219afc006" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00032.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://redmine.openinfosecfoundation.org/issues/3324" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://redmine.openinfosecfoundation.org/issues/3394" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/OISF/suricata/commit/1c63d3905852f746ccde7e2585600b2199cefb4b" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/OISF/suricata/commit/fa692df37a796c3330c81988d15ef1a219afc006" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00032.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://redmine.openinfosecfoundation.org/issues/3324" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://redmine.openinfosecfoundation.org/issues/3394" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-436" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-01-06 21:15
Modified
2024-11-21 04:33
Severity ?
Summary
An issue was discovered in Suricata 5.0.0. It was possible to bypass/evade any TCP-based signature by faking a closed TCP session using an evil server. After the TCP SYN packet, it is possible to inject a RST ACK and a FIN ACK packet with a bad TCP Timestamp option. The client will ignore the RST ACK and the FIN ACK packets because of the bad TCP Timestamp option. Both Linux and Windows clients ignore the injected packets.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
oisf | suricata | 5.0.0 | |
linux | linux_kernel | - | |
microsoft | windows | - | |
debian | debian_linux | 8.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oisf:suricata:5.0.0:-:*:*:*:*:*:*", "matchCriteriaId": "43F8D25A-DA90-4CD5-BC77-E0B151372D3F", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Suricata 5.0.0. It was possible to bypass/evade any tcp based signature by faking a closed TCP session using an evil server. After the TCP SYN packet, it is possible to inject a RST ACK and a FIN ACK packet with a bad TCP Timestamp option. The client will ignore the RST ACK and the FIN ACK packets because of the bad TCP Timestamp option. Both linux and windows client are ignoring the injected packets." }, { "lang": "es", "value": "Se descubri\u00f3 un problema en Suricata versi\u00f3n 5.0.0. Fue posible omitir y evadir cualquier firma basada en tcp falsificando una sesi\u00f3n TCP cerrada usando un servidor malicioso. Despu\u00e9s del paquete TCP SYN, es posible inyectar un paquete RST ACK y un paquete FIN ACK con una opci\u00f3n TCP Timestamp errada. El cliente ignorar\u00e1 los paquetes RST ACK y FIN ACK debido a la opci\u00f3n TCP Timestamp errada. 
Tanto el cliente de Linux y Windows ignoran los paquetes inyectados" } ], "id": "CVE-2019-18625", "lastModified": "2024-11-21T04:33:23.573", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-01-06T21:15:11.427", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/OISF/suricata/commit/9f0294fadca3dcc18c919424242a41e01f3e8318" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/OISF/suricata/commit/ea0659de7640cf6a51de5bbd1dbbb0414e4623a0" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00032.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://redmine.openinfosecfoundation.org/issues/3286" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": 
"https://redmine.openinfosecfoundation.org/issues/3395" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/OISF/suricata/commit/9f0294fadca3dcc18c919424242a41e01f3e8318" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/OISF/suricata/commit/ea0659de7640cf6a51de5bbd1dbbb0414e4623a0" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00032.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://redmine.openinfosecfoundation.org/issues/3286" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://redmine.openinfosecfoundation.org/issues/3395" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-07-18 18:15
Modified
2024-11-21 04:18
Severity ?
Summary
Open Information Security Foundation Suricata prior to version 4.1.2 is affected by: Denial of Service - DNS detection bypass. The impact is: An attacker can evade signature detection with a specially formed network packet. The component is: app-layer-detect-proto.c, decode.c, decode-teredo.c and decode-ipv6.c (https://github.com/OISF/suricata/pull/3590/commits/11f3659f64a4e42e90cb3c09fcef66894205aefe, https://github.com/OISF/suricata/pull/3590/commits/8357ef3f8ffc7d99ef6571350724160de356158b). The attack vector is: An attacker can trigger the vulnerability by sending a specifically crafted network request. The fixed version is: 4.1.2.
References
Source | URL | Tags | |
---|---|---|---|
josh@bress.net | https://github.com/OISF/suricata/pull/3590/commits/11f3659f64a4e42e90cb3c09fcef66894205aefe | Patch, Third Party Advisory | |
josh@bress.net | https://github.com/OISF/suricata/pull/3590/commits/8357ef3f8ffc7d99ef6571350724160de356158b | Patch, Third Party Advisory | |
josh@bress.net | https://redmine.openinfosecfoundation.org/issues/2736 | Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/OISF/suricata/pull/3590/commits/11f3659f64a4e42e90cb3c09fcef66894205aefe | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/OISF/suricata/pull/3590/commits/8357ef3f8ffc7d99ef6571350724160de356158b | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://redmine.openinfosecfoundation.org/issues/2736 | Issue Tracking, Third Party Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oisf:suricata:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "60C9475B-5B78-4EDD-B894-23A051ED5745", "vulnerable": true }, { "criteria": "cpe:2.3:a:oisf:suricata:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "35775830-353B-4ED2-9614-C08B19952129", "vulnerable": true }, { "criteria": "cpe:2.3:a:oisf:suricata:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "C0ACCC9E-4F42-431C-9F58-DFD67F6DD433", "vulnerable": true }, { "criteria": "cpe:2.3:a:oisf:suricata:4.1.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "178734E6-C8B0-460B-9443-39871F6851F0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Open Information Security Foundation Suricata prior to version 4.1.2 is affected by: Denial of Service - DNS detection bypass. The impact is: An attacker can evade a signature detection with a specialy formed network packet. The component is: app-layer-detect-proto.c, decode.c, decode-teredo.c and decode-ipv6.c (https://github.com/OISF/suricata/pull/3590/commits/11f3659f64a4e42e90cb3c09fcef66894205aefe, https://github.com/OISF/suricata/pull/3590/commits/8357ef3f8ffc7d99ef6571350724160de356158b). The attack vector is: An attacker can trigger the vulnerability by sending a specifically crafted network request. The fixed version is: 4.1.2." }, { "lang": "es", "value": "Open Information Security Foundation Suricata en versiones anteriores a la 4.1.2 se ve afectada por: Denegaci\u00f3n de servicio: omisi\u00f3n de detecci\u00f3n de DNS. El impacto es: un atacante puede evadir una detecci\u00f3n de firmas con un paquete de red especialmente formado. El componente es: app-layer-detect-proto.c, decode.c, decode-teredo.c y decode-ipv6.c (https://github.com/OISF/suricata/pull/3590/commits/11f3659f64a4e42e90cb3c09fcef66894205aefe, https://github.com/OISF/suricata/pull/3590/commits/8357ef3f8ffc7d99ef6571350724160de356158b). 
El vector de ataque es: Un atacante puede activar la vulnerabilidad al enviar una solicitud de red espec\u00edficamente dise\u00f1ada. La versi\u00f3n corregida es: 4.1.2." } ], "id": "CVE-2019-1010251", "lastModified": "2024-11-21T04:18:05.893", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-07-18T18:15:12.293", "references": [ { "source": "josh@bress.net", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/OISF/suricata/pull/3590/commits/11f3659f64a4e42e90cb3c09fcef66894205aefe" }, { "source": "josh@bress.net", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/OISF/suricata/pull/3590/commits/8357ef3f8ffc7d99ef6571350724160de356158b" }, { "source": "josh@bress.net", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://redmine.openinfosecfoundation.org/issues/2736" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": 
"https://github.com/OISF/suricata/pull/3590/commits/11f3659f64a4e42e90cb3c09fcef66894205aefe" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/OISF/suricata/pull/3590/commits/8357ef3f8ffc7d99ef6571350724160de356158b" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://redmine.openinfosecfoundation.org/issues/2736" } ], "sourceIdentifier": "josh@bress.net", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-07-22 18:15
Modified
2024-11-21 06:11
Severity ?
Summary
Suricata before 5.0.7 and 6.x before 6.0.3 has a "critical evasion."
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
oisf | suricata | * | |
oisf | suricata | * | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 | |
fedoraproject | fedora | 34 | |
fedoraproject | fedora | 35 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*", "matchCriteriaId": "E0277B4E-DA19-4DA0-8016-C2D24C75B165", "versionEndExcluding": "5.0.7", "vulnerable": true }, { "criteria": "cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*", "matchCriteriaId": "3E09D05E-27B9-4B9B-94C8-C6DDA67AE1B3", "versionEndExcluding": "6.0.3", "versionStartIncluding": "6.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Suricata before 5.0.7 and 6.x before 6.0.3 has a \"critical evasion.\"" }, { "lang": "es", "value": "Suricata versiones anteriores a 5.0.7 y versiones 6.x anteriores a 6.0.3, presenta una \"evasi\u00f3n cr\u00edtica\"" } ], "id": "CVE-2021-35063", "lastModified": "2024-11-21T06:11:46.477", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, 
"obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-07-22T18:15:23.210", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990835" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1980453" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://forum.suricata.io/t/suricata-6-0-3-and-5-0-7-released/1489" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://github.com/OISF/suricata/releases" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JU27J2ZYG6FBDL5CERE6FBB4ZFGHOROE/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XEP7PWY4LRT2R4MFLV7JIJRYZEZ7RQFL/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security-tracker.debian.org/tracker/CVE-2021-35063" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990835" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third 
Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1980453" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://forum.suricata.io/t/suricata-6-0-3-and-5-0-7-released/1489" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/OISF/suricata/releases" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JU27J2ZYG6FBDL5CERE6FBB4ZFGHOROE/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XEP7PWY4LRT2R4MFLV7JIJRYZEZ7RQFL/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security-tracker.debian.org/tracker/CVE-2021-35063" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-04-04 16:29
Modified
2024-11-21 03:41
Severity ?
Summary
Suricata version 4.0.4 incorrectly handles the parsing of an EtherNet/IP PDU. A malformed PDU can cause the parsing code to read beyond the allocated data because DecodeENIPPDU in app-layer-enip-common.c has an integer overflow during a length check.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://suricata-ids.org/2018/07/18/suricata-4-0-5-available/ | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://suricata-ids.org/2018/07/18/suricata-4-0-5-available/ | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oisf:suricata:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "E70E3C16-A589-4B73-8B36-F3924DDF5F31", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Suricata version 4.0.4 incorrectly handles the parsing of an EtherNet/IP PDU. A malformed PDU can cause the parsing code to read beyond the allocated data because DecodeENIPPDU in app-layer-enip-commmon.c has an integer overflow during a length check." }, { "lang": "es", "value": "La versi\u00f3n 4.0.4 de Suricata gestiona de manera incorrecta el an\u00e1lisis de las unidades de datos de protocolo (PDU) de EtherNet/IP. Un PDU mal formado puede hacer que el c\u00f3digo de an\u00e1lisis lea m\u00e1s all\u00e1 de los datos asignados porque DecodeENIPPDU en app-layer-enip-commmon.c presenta un desbordamiento de enteros durante una comprobaci\u00f3n de longitud." } ], "id": "CVE-2018-10244", "lastModified": "2024-11-21T03:41:05.947", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" 
}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-04-04T16:29:00.273", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://suricata-ids.org/2018/07/18/suricata-4-0-5-available/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://suricata-ids.org/2018/07/18/suricata-4-0-5-available/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-190" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-02-26 16:27
Modified
2024-12-18 18:07
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.3, excessive memory use during pgsql parsing could lead to OOM-related crashes. This vulnerability is patched in 7.0.3. As a workaround, users can disable the pgsql app layer parser.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
oisf | suricata | * | |
fedoraproject | fedora | 38 | |
fedoraproject | fedora | 39 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*", "matchCriteriaId": "8AD3DB8D-5FEF-43FD-8E47-5EF72479EF29", "versionEndExcluding": "7.0.3", "versionStartIncluding": "7.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.3, excessive memory use during pgsql parsing could lead to OOM-related crashes. This vulnerability is patched in 7.0.3. As workaround, users can disable the pgsql app layer parser." }, { "lang": "es", "value": "Suricata es un sistema de detecci\u00f3n de intrusiones en la red, un sistema de prevenci\u00f3n de intrusiones y un motor de monitoreo de seguridad de la red. Antes de la versi\u00f3n 7.0.3, el uso excesivo de memoria durante el an\u00e1lisis de pgsql pod\u00eda provocar fallos relacionados con OOM. Esta vulnerabilidad est\u00e1 parcheada en 7.0.3. Como workaround, los usuarios pueden desactivar el analizador de capa de aplicaci\u00f3n pgsql." 
} ], "id": "CVE-2024-23835", "lastModified": "2024-12-18T18:07:03.183", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-02-26T16:27:57.417", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/OISF/suricata/commit/86de7cffa7e8f06fe9d600127e7dabe89c7e81dd" }, { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/OISF/suricata/commit/f52c033e566beafb4480c139eb18662a2870464f" }, { "source": "security-advisories@github.com", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "https://github.com/OISF/suricata/security/advisories/GHSA-8583-353f-mvwc" }, { "source": "security-advisories@github.com", "tags": [ "Mailing List" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GOCOBFUTIFHOP2PZOH4ENRFXRBHIRKK4/" }, { "source": "security-advisories@github.com", "tags": [ "Mailing List" ], "url": 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXJIT7R53ZXROO3I256RFUWTIW4ECK6P/" }, { "source": "security-advisories@github.com", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "https://redmine.openinfosecfoundation.org/issues/6411" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/OISF/suricata/commit/86de7cffa7e8f06fe9d600127e7dabe89c7e81dd" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/OISF/suricata/commit/f52c033e566beafb4480c139eb18662a2870464f" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "https://github.com/OISF/suricata/security/advisories/GHSA-8583-353f-mvwc" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GOCOBFUTIFHOP2PZOH4ENRFXRBHIRKK4/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXJIT7R53ZXROO3I256RFUWTIW4ECK6P/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "https://redmine.openinfosecfoundation.org/issues/6411" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-400" }, { "lang": "en", "value": "CWE-770" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-770" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-07-11 15:15
Modified
2024-11-21 09:26
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Suricata can run out of memory when parsing crafted HTTP/2 traffic. Upgrade to 6.0.20 or 7.0.6.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*", "matchCriteriaId": "3F5A2B49-48DE-4DBF-9FB3-4CCF294E5B0E", "versionEndExcluding": "6.0.20", "vulnerable": true }, { "criteria": "cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*", "matchCriteriaId": "108D4F28-A795-4119-A750-9108C85201DC", "versionEndExcluding": "7.0.6", "versionStartIncluding": "7.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Suricata can run out of memory when parsing crafted HTTP/2 traffic. Upgrade to 6.0.20 or 7.0.6." }, { "lang": "es", "value": "Suricata es un sistema de detecci\u00f3n de intrusiones en la red, un sistema de prevenci\u00f3n de intrusiones y un motor de monitoreo de seguridad de la red. Suricata puede quedarse sin memoria al analizar el tr\u00e1fico HTTP/2 manipulado. Actualice a 6.0.20 o 7.0.6." 
} ], "id": "CVE-2024-38535", "lastModified": "2024-11-21T09:26:14.610", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-07-11T15:15:12.557", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/OISF/suricata/commit/62d5cac1b8483d5f9d2b79833a4e59f5d80129b7" }, { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/OISF/suricata/commit/c82fa5ca0d1ce0bd8f936e0b860707a6571373b2" }, { "source": "security-advisories@github.com", "tags": [ "Vendor Advisory" ], "url": "https://github.com/OISF/suricata/security/advisories/GHSA-cg8j-7mwm-v563" }, { "source": "security-advisories@github.com", "tags": [ "Permissions Required" ], "url": "https://redmine.openinfosecfoundation.org/issues/7104" }, { "source": "security-advisories@github.com", "tags": [ "Issue Tracking" ], "url": "https://redmine.openinfosecfoundation.org/issues/7105" }, { "source": "security-advisories@github.com", "tags": [ "Issue Tracking" ], "url": 
"https://redmine.openinfosecfoundation.org/issues/7112" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/OISF/suricata/commit/62d5cac1b8483d5f9d2b79833a4e59f5d80129b7" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/OISF/suricata/commit/c82fa5ca0d1ce0bd8f936e0b860707a6571373b2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://github.com/OISF/suricata/security/advisories/GHSA-cg8j-7mwm-v563" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required" ], "url": "https://redmine.openinfosecfoundation.org/issues/7104" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking" ], "url": "https://redmine.openinfosecfoundation.org/issues/7105" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking" ], "url": "https://redmine.openinfosecfoundation.org/issues/7112" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-770" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-770" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-10-16 19:15
Modified
2024-10-22 13:37
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, a logic error during fragment reassembly can lead to failed reassembly for valid traffic. An attacker could craft packets to trigger this behavior. This issue has been addressed in 7.0.7.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*", "matchCriteriaId": "444932ED-FCA1-4C9B-90CE-C3EEFAAA9DB2", "versionEndExcluding": "7.0.7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, a logic error during fragment reassembly can lead to failed reassembly for valid traffic. An attacker could craft packets to trigger this behavior.This issue has been addressed in 7.0.7." }, { "lang": "es", "value": "Suricata es un sistema de detecci\u00f3n de intrusiones, un sistema de prevenci\u00f3n de intrusiones y un motor de monitoreo de seguridad de red. Antes de la versi\u00f3n 7.0.7, un error l\u00f3gico durante el reensamblado de fragmentos pod\u00eda provocar un reensamblado fallido para el tr\u00e1fico v\u00e1lido. Un atacante podr\u00eda crear paquetes para desencadenar este comportamiento. Este problema se ha solucionado en la versi\u00f3n 7.0.7." 
} ], "id": "CVE-2024-45796", "lastModified": "2024-10-22T13:37:57.930", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-10-16T19:15:26.923", "references": [ { "source": "security-advisories@github.com", "tags": [ "Third Party Advisory" ], "url": "https://github.com/OISF/suricata/security/advisories/GHSA-mf6r-3xp2-v7xg" }, { "source": "security-advisories@github.com", "tags": [ "Issue Tracking" ], "url": "https://redmine.openinfosecfoundation.org/issues/7067" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-193" } ], "source": "security-advisories@github.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-06-19 04:15
Modified
2024-12-11 17:15
Severity ?
Summary
In Suricata before 6.0.13, an adversary who controls an external source of Lua rules may be able to execute Lua code. This is addressed in 6.0.13 by disabling Lua unless `allow-rules` is true in the `security.lua` configuration section.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*", "matchCriteriaId": "1FDDE2F7-D633-4FBC-8EE1-6145A82AC02F", "versionEndExcluding": "6.0.13", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In Suricata before 6.0.13, an adversary who controls an external source of Lua rules may be able to execute Lua code. This is addressed in 6.0.13 by disabling Lua unless allow-rules is true in the security lua configuration section." }, { "lang": "es", "value": "En Suricata antes de la versi\u00f3n 6.0.13, un adversario que controle una fuente externa de reglas Lua puede ser capaz de ejecutar c\u00f3digo Lua. Esto se soluciona en la versi\u00f3n 6.0.13 deshabilitando Lua a menos que \"allow-rules\" sea verdadero en la secci\u00f3n de configuraci\u00f3n de seguridad de Lua. " } ], "id": "CVE-2023-35853", "lastModified": "2024-12-11T17:15:13.037", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-06-19T04:15:11.287", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://github.com/OISF/suricata/commit/b95bbcc66db526ffcc880eb439dbe8abc87a81da" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://github.com/OISF/suricata/compare/suricata-6.0.12...suricata-6.0.13" }, { "source": "cve@mitre.org", "tags": [ "Not Applicable" ], "url": "https://www.stamus-networks.com/stamus-labs" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://github.com/OISF/suricata/commit/b95bbcc66db526ffcc880eb439dbe8abc87a81da" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://github.com/OISF/suricata/compare/suricata-6.0.12...suricata-6.0.13" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Not Applicable" ], "url": "https://www.stamus-networks.com/stamus-labs" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2024-07-11 15:15
Modified
2024-11-21 09:23
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine.
Mishandling of multiple fragmented packets using the same IP ID value can lead to packet reassembly failure, which can lead to policy bypass. Upgrade to 7.0.6 or 6.0.20. When using af-packet, enable `defrag` to reduce the scope of the problem.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*", "matchCriteriaId": "C796A1DA-B8E9-45E4-BBCF-7673AB7DDC99", "versionEndExcluding": "6.0.20", "versionStartIncluding": "6.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*", "matchCriteriaId": "108D4F28-A795-4119-A750-9108C85201DC", "versionEndExcluding": "7.0.6", "versionStartIncluding": "7.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. \nMishandling of multiple fragmented packets using the same IP ID value can lead to packet reassembly failure, which can lead to policy bypass. Upgrade to 7.0.6 or 6.0.20. When using af-packet, enable `defrag` to reduce the scope of the problem." }, { "lang": "es", "value": "Suricata es un sistema de detecci\u00f3n de intrusiones en la red, un sistema de prevenci\u00f3n de intrusiones y un motor de monitoreo de seguridad de la red. El mal manejo de varios paquetes fragmentados que utilizan el mismo valor de ID de IP puede provocar un error en el reensamblaje del paquete, lo que puede provocar una omisi\u00f3n de pol\u00edticas. Actualice a 7.0.6 o 6.0.20. Cuando utilice af-packet, habilite `defrag` para reducir el alcance del problema." 
} ], "id": "CVE-2024-37151", "lastModified": "2024-11-21T09:23:18.420", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-07-11T15:15:11.847", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/OISF/suricata/commit/9d5c4273cb7e5ca65f195f7361f0d848c85180e0" }, { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/OISF/suricata/commit/aab7f35c76721df19403a7c0c0025feae12f3b6b" }, { "source": "security-advisories@github.com", "tags": [ "Vendor Advisory" ], "url": "https://github.com/OISF/suricata/security/advisories/GHSA-qrp7-g66m-px24" }, { "source": "security-advisories@github.com", "tags": [ "Issue Tracking" ], "url": "https://redmine.openinfosecfoundation.org/issues/7041" }, { "source": "security-advisories@github.com", "tags": [ "Issue Tracking" ], "url": "https://redmine.openinfosecfoundation.org/issues/7042" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": 
"https://github.com/OISF/suricata/commit/9d5c4273cb7e5ca65f195f7361f0d848c85180e0" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/OISF/suricata/commit/aab7f35c76721df19403a7c0c0025feae12f3b6b" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://github.com/OISF/suricata/security/advisories/GHSA-qrp7-g66m-px24" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking" ], "url": "https://redmine.openinfosecfoundation.org/issues/7041" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking" ], "url": "https://redmine.openinfosecfoundation.org/issues/7042" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-754" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-754" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-02-26 16:27
Modified
2024-12-19 19:38
Severity ?
7.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.3, specially crafted traffic can cause a heap use-after-free if the ruleset uses the http.request_header or http.response_header keyword. The vulnerability has been patched in 7.0.3. To work around the vulnerability, avoid the http.request_header and http.response_header keywords.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
oisf | suricata | * | |
fedoraproject | fedora | 38 | |
fedoraproject | fedora | 39 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*", "matchCriteriaId": "8AD3DB8D-5FEF-43FD-8E47-5EF72479EF29", "versionEndExcluding": "7.0.3", "versionStartIncluding": "7.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.3, specially crafted traffic can cause a heap use after free if the ruleset uses the http.request_header or http.response_header keyword. The vulnerability has been patched in 7.0.3. To work around the vulnerability, avoid the http.request_header and http.response_header keywords." }, { "lang": "es", "value": "Suricata es un sistema de detecci\u00f3n de intrusiones en la red, un sistema de prevenci\u00f3n de intrusiones y un motor de monitoreo de seguridad de la red. Antes de 7.0.3, el tr\u00e1fico especialmente manipulado puede provocar heap use after free si el conjunto de reglas utiliza la palabra clave http.request_header o http.response_header. La vulnerabilidad ha sido parcheada en 7.0.3. Para solucionar la vulnerabilidad, evite las palabras clave http.request_header y http.response_header." 
} ], "id": "CVE-2024-23839", "lastModified": "2024-12-19T19:38:28.107", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 4.2, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-02-26T16:27:58.090", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/OISF/suricata/commit/cd731fcaf42e5f7078c9be643bfa0cee2ad53e8f" }, { "source": "security-advisories@github.com", "tags": [ "Mitigation", "Vendor Advisory" ], "url": "https://github.com/OISF/suricata/security/advisories/GHSA-qxj6-hr2p-mmc7" }, { "source": "security-advisories@github.com", "tags": [ "Mailing List" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GOCOBFUTIFHOP2PZOH4ENRFXRBHIRKK4/" }, { "source": "security-advisories@github.com", "tags": [ "Mailing List" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXJIT7R53ZXROO3I256RFUWTIW4ECK6P/" }, { "source": "security-advisories@github.com", "tags": [ "Issue Tracking" ], "url": 
"https://redmine.openinfosecfoundation.org/issues/6657" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/OISF/suricata/commit/cd731fcaf42e5f7078c9be643bfa0cee2ad53e8f" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mitigation", "Vendor Advisory" ], "url": "https://github.com/OISF/suricata/security/advisories/GHSA-qxj6-hr2p-mmc7" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GOCOBFUTIFHOP2PZOH4ENRFXRBHIRKK4/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXJIT7R53ZXROO3I256RFUWTIW4ECK6P/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking" ], "url": "https://redmine.openinfosecfoundation.org/issues/6657" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-416" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-416" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-07-11 15:15
Modified
2024-11-21 09:26
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. A memory allocation failure due to `http.memcap` being reached leads to a NULL pointer dereference, which causes a crash. Upgrade to 7.0.6.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*", "matchCriteriaId": "9B17F0F5-06E7-4E0E-B29B-22B0E159CCA7", "versionEndExcluding": "7.0.6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. A memory allocation failure due to `http.memcap` being reached leads to a NULL-ptr reference leading to a crash. Upgrade to 7.0.6." }, { "lang": "es", "value": "Suricata es un sistema de detecci\u00f3n de intrusiones en la red, un sistema de prevenci\u00f3n de intrusiones y un motor de monitoreo de seguridad de la red. un fallo en la asignaci\u00f3n de memoria debido a que se alcanz\u00f3 `http.memcap` genera una referencia NULL-ptr que provoca un bloqueo. Actualice a 7.0.6." } ], "id": "CVE-2024-38536", "lastModified": "2024-11-21T09:26:15.010", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": 
"2024-07-11T15:15:12.760", "references": [ { "source": "security-advisories@github.com", "tags": [ "Vendor Advisory" ], "url": "https://github.com/OISF/suricata/security/advisories/GHSA-j32j-4w6g-94hh" }, { "source": "security-advisories@github.com", "tags": [ "Exploit", "Issue Tracking" ], "url": "https://redmine.openinfosecfoundation.org/issues/7029" }, { "source": "security-advisories@github.com", "tags": [ "Issue Tracking" ], "url": "https://redmine.openinfosecfoundation.org/issues/7033" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://github.com/OISF/suricata/security/advisories/GHSA-j32j-4w6g-94hh" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking" ], "url": "https://redmine.openinfosecfoundation.org/issues/7029" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking" ], "url": "https://redmine.openinfosecfoundation.org/issues/7033" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-476" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-476" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-04-06 18:15
Modified
2024-11-21 05:09
Severity ?
Summary
Directory Traversal vulnerability found in Pfsense v.2.1.3 and Pfsense Suricata v.1.4.6 pkg v.1.0.1 allows a remote attacker to obtain sensitive information via the file parameter to suricata/suricata_logs_browser.php.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oisf:suricata:1.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "1A0C77AB-2ED7-4BE6-8E83-20CDEE6592D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:pfsense:pfsense:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "E427DF08-7EE5-406A-BB5D-3635797C5B92", "vulnerable": true }, { "criteria": "cpe:2.3:a:pfsense:suricata_package:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "78558C4B-83C7-4C3D-B9A9-83531691EF41", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Directory Traversal vulnerability found in Pfsense v.2.1.3 and Pfsense Suricata v.1.4.6 pkg v.1.0.1 allows a remote attacker to obtain sensitive information via the file parameter to suricata/suricata_logs_browser.php." } ], "id": "CVE-2020-19678", "lastModified": "2024-11-21T05:09:19.213", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-04-06T18:15:08.210", "references": [ { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://www.2ngon.com/2015/01/lfi-vulnerability-suricata-146-pkg-v101.html" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://github.com/pfsense/pfsense-packages/commit/59ed3438729fd56452f58a0f79f0c288db982ac3" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://pastebin.com/8dj59053" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": 
"http://www.2ngon.com/2015/01/lfi-vulnerability-suricata-146-pkg-v101.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/pfsense/pfsense-packages/commit/59ed3438729fd56452f58a0f79f0c288db982ac3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://pastebin.com/8dj59053" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-05-07 15:15
Modified
2024-12-19 19:40
Severity
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, a small amount of HTTP/2 traffic can lead to Suricata using a large amount of memory. The issue has been addressed in Suricata 7.0.5 and 6.0.19. Workarounds include disabling the HTTP/2 parser and reducing the `app-layer.protocols.http2.max-table-size` value (default is 65536).
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*", "matchCriteriaId": "0D75940C-F39A-466B-9E79-D2E19DA182C5", "versionEndExcluding": "6.0.19", "versionStartIncluding": "6.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*", "matchCriteriaId": "A158A8DB-3609-488B-B986-52575C649704", "versionEndExcluding": "7.0.5", "versionStartIncluding": "7.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, a small amount of HTTP/2 traffic can lead to Suricata using a large amount of memory. The issue has been addressed in Suricata 7.0.5 and 6.0.19. Workarounds include disabling the HTTP/2 parser and reducing `app-layer.protocols.http2.max-table-size` value (default is 65536)." }, { "lang": "es", "value": "Suricata es un sistema de detecci\u00f3n de intrusiones en la red, un sistema de prevenci\u00f3n de intrusiones y un motor de monitoreo de seguridad de la red. Antes de 7.0.5 y 6.0.19, una peque\u00f1a cantidad de tr\u00e1fico HTTP/2 puede hacer que Suricata utilice una gran cantidad de memoria. El problema se solucion\u00f3 en Suricata 7.0.5 y 6.0.19. Los workarounds incluyen deshabilitar el analizador HTTP/2 y reducir el valor `app-layer.protocols.http2.max-table-size` (el valor predeterminado es 65536)." 
} ], "id": "CVE-2024-32663", "lastModified": "2024-12-19T19:40:02.880", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-05-07T15:15:08.713", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/OISF/suricata/commit/08d93f7c3762781b743f88f9fdc4389eb9c3eb64" }, { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/OISF/suricata/commit/c0af92295e833d1db29b184d63cd3b829451d7fd" }, { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/OISF/suricata/commit/d24b37a103c04bb2667e449e080ba4c8e56bb019" }, { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/OISF/suricata/commit/e68ec4b227d19498f364a41eb25d3182f0383ca5" }, { "source": "security-advisories@github.com", "tags": [ "Vendor Advisory" ], "url": "https://github.com/OISF/suricata/security/advisories/GHSA-9jxm-qw9v-266r" }, { "source": "security-advisories@github.com", "tags": [ "Issue Tracking" ], "url": 
"https://redmine.openinfosecfoundation.org/issues/6892" }, { "source": "security-advisories@github.com", "tags": [ "Issue Tracking" ], "url": "https://redmine.openinfosecfoundation.org/issues/6900" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/OISF/suricata/commit/08d93f7c3762781b743f88f9fdc4389eb9c3eb64" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/OISF/suricata/commit/c0af92295e833d1db29b184d63cd3b829451d7fd" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/OISF/suricata/commit/d24b37a103c04bb2667e449e080ba4c8e56bb019" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/OISF/suricata/commit/e68ec4b227d19498f364a41eb25d3182f0383ca5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://github.com/OISF/suricata/security/advisories/GHSA-9jxm-qw9v-266r" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking" ], "url": "https://redmine.openinfosecfoundation.org/issues/6892" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking" ], "url": "https://redmine.openinfosecfoundation.org/issues/6900" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-400" }, { "lang": "en", "value": "CWE-770" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-770" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-02-26 16:27
Modified
2024-12-19 19:26
Severity
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to versions 6.0.16 and 7.0.3, an attacker can craft traffic to cause Suricata to use far more CPU and memory for processing the traffic than needed, which can lead to extreme slowdowns and denial of service. This vulnerability is patched in 6.0.16 and 7.0.3. Workarounds include disabling the affected protocol app-layer parser in the yaml; reducing the `stream.reassembly.depth` value also helps reduce the severity of the issue.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
oisf | suricata | * | |
oisf | suricata | * | |
fedoraproject | fedora | 38 | |
fedoraproject | fedora | 39 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*", "matchCriteriaId": "E9AB3B22-820A-45AE-A0F1-B07C53FEB22E", "versionEndExcluding": "6.0.16", "vulnerable": true }, { "criteria": "cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*", "matchCriteriaId": "8AD3DB8D-5FEF-43FD-8E47-5EF72479EF29", "versionEndExcluding": "7.0.3", "versionStartIncluding": "7.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to versions 6.0.16 and 7.0.3, an attacker can craft traffic to cause Suricata to use far more CPU and memory for processing the traffic than needed, which can lead to extreme slow downs and denial of service. This vulnerability is patched in 6.0.16 or 7.0.3. Workarounds include disabling the affected protocol app-layer parser in the yaml and reducing the `stream.reassembly.depth` value helps reduce the severity of the issue." }, { "lang": "es", "value": "Suricata es un sistema de detecci\u00f3n de intrusiones en la red, un sistema de prevenci\u00f3n de intrusiones y un motor de monitoreo de seguridad de la red. Antes de las versiones 6.0.16 y 7.0.3, un atacante pod\u00eda manipular el tr\u00e1fico para hacer que Suricata utilizara mucha m\u00e1s CPU y memoria de la necesaria para procesar el tr\u00e1fico, lo que puede provocar ralentizaciones extremas y denegaci\u00f3n de servicio. Esta vulnerabilidad est\u00e1 parcheada en 6.0.16 o 7.0.3. 
Los workarounds incluyen deshabilitar el analizador de la capa de aplicaci\u00f3n del protocolo afectado en el yaml y reducir el valor `stream.reassembly. Depth` ayuda a reducir la gravedad del problema." } ], "id": "CVE-2024-23836", "lastModified": "2024-12-19T19:26:20.673", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-02-26T16:27:57.693", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/OISF/suricata/commit/18841a58da71e735ddf4e52cbfa6989755ecbeb7" }, { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/OISF/suricata/commit/2a2120ecf10c5b5713ec2bf59469fe57f7b5b747" }, { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/OISF/suricata/commit/83c5567ea7b0b28376f57dcfee9c6301448c7bc7" }, { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/OISF/suricata/commit/8efaebe293e2a74c8e323fa85a6f5fadf82801bc" }, { "source": "security-advisories@github.com", 
"tags": [ "Patch" ], "url": "https://github.com/OISF/suricata/commit/97953998d2d60673ed6c30ddfb6a2d59b4230f97" }, { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/OISF/suricata/commit/b1549e930f6426eeff43f12b672337cbcda566b8" }, { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/OISF/suricata/commit/cd035d59e3df157b606f4fe67324ea8e437be786" }, { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/OISF/suricata/commit/ce9b90326949c94a46611d6394e28600ee5e8bd5" }, { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/OISF/suricata/commit/e7e28822f473320658d6125f16ac3f0524baff01" }, { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/OISF/suricata/commit/f9de1cca6182e571f1c02387dca6e695e55608af" }, { "source": "security-advisories@github.com", "tags": [ "Vendor Advisory" ], "url": "https://github.com/OISF/suricata/security/advisories/GHSA-q33q-45cr-3cpc" }, { "source": "security-advisories@github.com", "tags": [ "Mailing List" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GOCOBFUTIFHOP2PZOH4ENRFXRBHIRKK4/" }, { "source": "security-advisories@github.com", "tags": [ "Mailing List" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXJIT7R53ZXROO3I256RFUWTIW4ECK6P/" }, { "source": "security-advisories@github.com", "tags": [ "Issue Tracking" ], "url": "https://redmine.openinfosecfoundation.org/issues/6531" }, { "source": "security-advisories@github.com", "tags": [ "Issue Tracking" ], "url": "https://redmine.openinfosecfoundation.org/issues/6532" }, { "source": "security-advisories@github.com", "tags": [ "Issue Tracking" ], "url": "https://redmine.openinfosecfoundation.org/issues/6540" }, { "source": "security-advisories@github.com", "tags": [ "Issue 
Tracking" ], "url": "https://redmine.openinfosecfoundation.org/issues/6658" }, { "source": "security-advisories@github.com", "tags": [ "Issue Tracking" ], "url": "https://redmine.openinfosecfoundation.org/issues/6659" }, { "source": "security-advisories@github.com", "tags": [ "Issue Tracking" ], "url": "https://redmine.openinfosecfoundation.org/issues/6660" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/OISF/suricata/commit/18841a58da71e735ddf4e52cbfa6989755ecbeb7" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/OISF/suricata/commit/2a2120ecf10c5b5713ec2bf59469fe57f7b5b747" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/OISF/suricata/commit/83c5567ea7b0b28376f57dcfee9c6301448c7bc7" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/OISF/suricata/commit/8efaebe293e2a74c8e323fa85a6f5fadf82801bc" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/OISF/suricata/commit/97953998d2d60673ed6c30ddfb6a2d59b4230f97" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/OISF/suricata/commit/b1549e930f6426eeff43f12b672337cbcda566b8" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/OISF/suricata/commit/cd035d59e3df157b606f4fe67324ea8e437be786" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/OISF/suricata/commit/ce9b90326949c94a46611d6394e28600ee5e8bd5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/OISF/suricata/commit/e7e28822f473320658d6125f16ac3f0524baff01" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": 
"https://github.com/OISF/suricata/commit/f9de1cca6182e571f1c02387dca6e695e55608af" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://github.com/OISF/suricata/security/advisories/GHSA-q33q-45cr-3cpc" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GOCOBFUTIFHOP2PZOH4ENRFXRBHIRKK4/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXJIT7R53ZXROO3I256RFUWTIW4ECK6P/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking" ], "url": "https://redmine.openinfosecfoundation.org/issues/6531" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking" ], "url": "https://redmine.openinfosecfoundation.org/issues/6532" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking" ], "url": "https://redmine.openinfosecfoundation.org/issues/6540" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking" ], "url": "https://redmine.openinfosecfoundation.org/issues/6658" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking" ], "url": "https://redmine.openinfosecfoundation.org/issues/6659" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking" ], "url": "https://redmine.openinfosecfoundation.org/issues/6660" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-770" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-770" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-10-16 20:15
Modified
2024-10-22 13:51
Severity
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, invalid ALPN in TLS/QUIC traffic when JA4 matching/logging is enabled can lead to Suricata aborting with a panic. This issue has been addressed in 7.0.7. One may disable ja4 as a workaround.
References
▼ | URL | Tags | |
---|---|---|---|
security-advisories@github.com | https://github.com/OISF/suricata/security/advisories/GHSA-w5xv-6586-jpm7 | Mitigation, Third Party Advisory | |
security-advisories@github.com | https://redmine.openinfosecfoundation.org/issues/7267 | Issue Tracking, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*", "matchCriteriaId": "444932ED-FCA1-4C9B-90CE-C3EEFAAA9DB2", "versionEndExcluding": "7.0.7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, invalid ALPN in TLS/QUIC traffic when JA4 matching/logging is enabled can lead to Suricata aborting with a panic. This issue has been addressed in 7.0.7. One may disable ja4 as a workaround." }, { "lang": "es", "value": "Suricata es un sistema de detecci\u00f3n de intrusiones, un sistema de prevenci\u00f3n de intrusiones y un motor de monitoreo de seguridad de red. Antes de la versi\u00f3n 7.0.7, un ALPN no v\u00e1lido en el tr\u00e1fico TLS/QUIC cuando la coincidencia/registro de JA4 est\u00e1 habilitado puede provocar que Suricata cancele la conexi\u00f3n con un mensaje de p\u00e1nico. Este problema se ha solucionado en la versi\u00f3n 7.0.7. Se puede deshabilitar JA4 como workaround." 
} ], "id": "CVE-2024-47522", "lastModified": "2024-10-22T13:51:02.710", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-10-16T20:15:06.083", "references": [ { "source": "security-advisories@github.com", "tags": [ "Mitigation", "Third Party Advisory" ], "url": "https://github.com/OISF/suricata/security/advisories/GHSA-w5xv-6586-jpm7" }, { "source": "security-advisories@github.com", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "https://redmine.openinfosecfoundation.org/issues/7267" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-617" } ], "source": "security-advisories@github.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-02-26 16:27
Modified
2024-12-19 19:30
Severity
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.3, the rules inspecting HTTP2 headers can get bypassed by crafted traffic. The vulnerability has been patched in 7.0.3.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
oisf | suricata | * | |
fedoraproject | fedora | 38 | |
fedoraproject | fedora | 39 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*", "matchCriteriaId": "8AD3DB8D-5FEF-43FD-8E47-5EF72479EF29", "versionEndExcluding": "7.0.3", "versionStartIncluding": "7.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.3, the rules inspecting HTTP2 headers can get bypassed by crafted traffic. The vulnerability has been patched in 7.0.3." }, { "lang": "es", "value": "Suricata es un sistema de detecci\u00f3n de intrusiones en la red, un sistema de prevenci\u00f3n de intrusiones y un motor de monitoreo de seguridad de la red. Antes de 7.0.3, el tr\u00e1fico manipulado pod\u00eda eludir las reglas que inspeccionaban los encabezados HTTP2. La vulnerabilidad ha sido parcheada en 7.0.3." 
} ], "id": "CVE-2024-24568", "lastModified": "2024-12-19T19:30:33.157", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-02-26T16:27:58.293", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/OISF/suricata/commit/478a2a38f54e2ae235f8486bff87d7d66b6307f0" }, { "source": "security-advisories@github.com", "tags": [ "Vendor Advisory" ], "url": "https://github.com/OISF/suricata/security/advisories/GHSA-gv29-5hqw-5h8c" }, { "source": "security-advisories@github.com", "tags": [ "Mailing List" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GOCOBFUTIFHOP2PZOH4ENRFXRBHIRKK4/" }, { "source": "security-advisories@github.com", "tags": [ "Mailing List" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXJIT7R53ZXROO3I256RFUWTIW4ECK6P/" }, { "source": "security-advisories@github.com", "tags": [ "Issue Tracking" ], "url": "https://redmine.openinfosecfoundation.org/issues/6717" }, 
{ "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/OISF/suricata/commit/478a2a38f54e2ae235f8486bff87d7d66b6307f0" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://github.com/OISF/suricata/security/advisories/GHSA-gv29-5hqw-5h8c" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GOCOBFUTIFHOP2PZOH4ENRFXRBHIRKK4/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXJIT7R53ZXROO3I256RFUWTIW4ECK6P/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking" ], "url": "https://redmine.openinfosecfoundation.org/issues/6717" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-284" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }