CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-38536 – Suricata http/range: NULL-ptr deref when http.memcap is reached
https://notcve.org/view.php?id=CVE-2024-38536
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. A memory allocation failure due to `http.memcap` being reached leads to a NULL-ptr reference leading to a crash. Upgrade to 7.0.6. Suricata es un sistema de detección de intrusiones en la red, un sistema de prevención de intrusiones y un motor de monitoreo de seguridad de la red. un fallo en la asignación de memoria debido a que se alcanzó `http.memcap` genera una referencia NULL-ptr que provoca un bloqueo. Actualice a 7.0.6. • https://github.com/OISF/suricata/security/advisories/GHSA-j32j-4w6g-94hh https://redmine.openinfosecfoundation.org/issues/7029 https://redmine.openinfosecfoundation.org/issues/7033 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-38535 – Suricata http2: oom from duplicate headers
https://notcve.org/view.php?id=CVE-2024-38535
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Suricata can run out of memory when parsing crafted HTTP/2 traffic. Upgrade to 6.0.20 or 7.0.6. Suricata es un sistema de detección de intrusiones en la red, un sistema de prevención de intrusiones y un motor de monitoreo de seguridad de la red. Suricata puede quedarse sin memoria al analizar el tráfico HTTP/2 manipulado. • https://github.com/OISF/suricata/commit/62d5cac1b8483d5f9d2b79833a4e59f5d80129b7 https://github.com/OISF/suricata/commit/c82fa5ca0d1ce0bd8f936e0b860707a6571373b2 https://github.com/OISF/suricata/security/advisories/GHSA-cg8j-7mwm-v563 https://redmine.openinfosecfoundation.org/issues/7104 https://redmine.openinfosecfoundation.org/issues/7105 https://redmine.openinfosecfoundation.org/issues/7112 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38534 – Suricata modbus: txs without responses are never freed
https://notcve.org/view.php?id=CVE-2024-38534
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Crafted modbus traffic can lead to unlimited resource accumulation within a flow. Upgrade to 7.0.6. Set a limited stream.reassembly.depth to reduce the issue. Suricata es un sistema de detección de intrusiones en la red, un sistema de prevención de intrusiones y un motor de monitoreo de seguridad de la red. • https://github.com/OISF/suricata/commit/a753cdbe84caee3b66d0bf49b2712d29a50d67ae https://github.com/OISF/suricata/security/advisories/GHSA-59qg-h357-69fq https://redmine.openinfosecfoundation.org/issues/6987 https://redmine.openinfosecfoundation.org/issues/6988 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-37151 – Suricata defrag: IP ID reuse can lead to policy bypass
https://notcve.org/view.php?id=CVE-2024-37151
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Mishandling of multiple fragmented packets using the same IP ID value can lead to packet reassembly failure, which can lead to policy bypass. Upgrade to 7.0.6 or 6.0.20. When using af-packet, enable `defrag` to reduce the scope of the problem. Suricata es un sistema de detección de intrusiones en la red, un sistema de prevención de intrusiones y un motor de monitoreo de seguridad de la red. El mal manejo de varios paquetes fragmentados que utilizan el mismo valor de ID de IP puede provocar un error en el reensamblaje del paquete, lo que puede provocar una omisión de políticas. • https://github.com/OISF/suricata/commit/9d5c4273cb7e5ca65f195f7361f0d848c85180e0 https://github.com/OISF/suricata/commit/aab7f35c76721df19403a7c0c0025feae12f3b6b https://github.com/OISF/suricata/security/advisories/GHSA-qrp7-g66m-px24 https://redmine.openinfosecfoundation.org/issues/7041 https://redmine.openinfosecfoundation.org/issues/7042 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-32663 – Suricata 's http2 parser contains an improper compressed header handling can lead to resource starvation
https://notcve.org/view.php?id=CVE-2024-32663
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, a small amount of HTTP/2 traffic can lead to Suricata using a large amount of memory. The issue has been addressed in Suricata 7.0.5 and 6.0.19. Workarounds include disabling the HTTP/2 parser and reducing `app-layer.protocols.http2.max-table-size` value (default is 65536). Suricata es un sistema de detección de intrusiones en la red, un sistema de prevención de intrusiones y un motor de monitoreo de seguridad de la red. • https://github.com/OISF/suricata/commit/08d93f7c3762781b743f88f9fdc4389eb9c3eb64 https://github.com/OISF/suricata/commit/c0af92295e833d1db29b184d63cd3b829451d7fd https://github.com/OISF/suricata/commit/d24b37a103c04bb2667e449e080ba4c8e56bb019 https://github.com/OISF/suricata/commit/e68ec4b227d19498f364a41eb25d3182f0383ca5 https://github.com/OISF/suricata/security/advisories/GHSA-9jxm-qw9v-266r https://redmine.openinfosecfoundation.org/issues/6892 https://redmine.openinfosecfoundation.org/issues/6900 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •