CVE-2024-47522 – Suricata ja4: invalid alpn leads to panic
https://notcve.org/view.php?id=CVE-2024-47522
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, invalid ALPN in TLS/QUIC traffic when JA4 matching/logging is enabled can lead to Suricata aborting with a panic. This issue has been addressed in 7.0.7. One may disable ja4 as a workaround. • https://github.com/OISF/suricata/security/advisories/GHSA-w5xv-6586-jpm7 https://redmine.openinfosecfoundation.org/issues/7267 • CWE-617: Reachable Assertion
CVE-2024-38536 – Suricata http/range: NULL-ptr deref when http.memcap is reached
https://notcve.org/view.php?id=CVE-2024-38536
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. A memory allocation failure due to `http.memcap` being reached results in a NULL-pointer dereference, leading to a crash. Upgrade to 7.0.6. • https://github.com/OISF/suricata/security/advisories/GHSA-j32j-4w6g-94hh https://redmine.openinfosecfoundation.org/issues/7029 https://redmine.openinfosecfoundation.org/issues/7033 • CWE-476: NULL Pointer Dereference
CVE-2024-38535 – Suricata http2: oom from duplicate headers
https://notcve.org/view.php?id=CVE-2024-38535
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Suricata can run out of memory when parsing crafted HTTP/2 traffic. Upgrade to 6.0.20 or 7.0.6. • https://github.com/OISF/suricata/commit/62d5cac1b8483d5f9d2b79833a4e59f5d80129b7 https://github.com/OISF/suricata/commit/c82fa5ca0d1ce0bd8f936e0b860707a6571373b2 https://github.com/OISF/suricata/security/advisories/GHSA-cg8j-7mwm-v563 https://redmine.openinfosecfoundation.org/issues/7104 https://redmine.openinfosecfoundation.org/issues/7105 https://redmine.openinfosecfoundation.org/issues/7112 • CWE-770: Allocation of Resources Without Limits or Throttling
CVE-2024-38534 – Suricata modbus: txs without responses are never freed
https://notcve.org/view.php?id=CVE-2024-38534
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Crafted modbus traffic can lead to unlimited resource accumulation within a flow. Upgrade to 7.0.6. Set a limited stream.reassembly.depth to reduce the issue. • https://github.com/OISF/suricata/commit/a753cdbe84caee3b66d0bf49b2712d29a50d67ae https://github.com/OISF/suricata/security/advisories/GHSA-59qg-h357-69fq https://redmine.openinfosecfoundation.org/issues/6987 https://redmine.openinfosecfoundation.org/issues/6988 • CWE-770: Allocation of Resources Without Limits or Throttling
CVE-2024-37151 – Suricata defrag: IP ID reuse can lead to policy bypass
https://notcve.org/view.php?id=CVE-2024-37151
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Mishandling of multiple fragmented packets using the same IP ID value can lead to packet reassembly failure, which can lead to policy bypass. Upgrade to 7.0.6 or 6.0.20. When using af-packet, enable `defrag` to reduce the scope of the problem. • https://github.com/OISF/suricata/commit/9d5c4273cb7e5ca65f195f7361f0d848c85180e0 https://github.com/OISF/suricata/commit/aab7f35c76721df19403a7c0c0025feae12f3b6b https://github.com/OISF/suricata/security/advisories/GHSA-qrp7-g66m-px24 https://redmine.openinfosecfoundation.org/issues/7041 https://redmine.openinfosecfoundation.org/issues/7042 • CWE-754: Improper Check for Unusual or Exceptional Conditions