CVE-2024-38536 – Suricata http/range: NULL-ptr deref when http.memcap is reached
https://notcve.org/view.php?id=CVE-2024-38536
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. When `http.memcap` is reached, a memory allocation fails and the resulting NULL pointer is dereferenced, which crashes Suricata. Upgrade to 7.0.6.
References:
• https://github.com/OISF/suricata/security/advisories/GHSA-j32j-4w6g-94hh
• https://redmine.openinfosecfoundation.org/issues/7029
• https://redmine.openinfosecfoundation.org/issues/7033
CWE-476: NULL Pointer Dereference
CVE-2024-38535 – Suricata http2: oom from duplicate headers
https://notcve.org/view.php?id=CVE-2024-38535
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Suricata can run out of memory when parsing crafted HTTP/2 traffic. Upgrade to 6.0.20 or 7.0.6.
References:
• https://github.com/OISF/suricata/commit/62d5cac1b8483d5f9d2b79833a4e59f5d80129b7
• https://github.com/OISF/suricata/commit/c82fa5ca0d1ce0bd8f936e0b860707a6571373b2
• https://github.com/OISF/suricata/security/advisories/GHSA-cg8j-7mwm-v563
• https://redmine.openinfosecfoundation.org/issues/7104
• https://redmine.openinfosecfoundation.org/issues/7105
• https://redmine.openinfosecfoundation.org/issues/7112
CWE-770: Allocation of Resources Without Limits or Throttling
CVE-2024-38534 – Suricata modbus: txs without responses are never freed
https://notcve.org/view.php?id=CVE-2024-38534
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Crafted modbus traffic can lead to unlimited resource accumulation within a flow. Upgrade to 7.0.6. As a mitigation, set a limited `stream.reassembly.depth` to reduce the issue.
References:
• https://github.com/OISF/suricata/commit/a753cdbe84caee3b66d0bf49b2712d29a50d67ae
• https://github.com/OISF/suricata/security/advisories/GHSA-59qg-h357-69fq
• https://redmine.openinfosecfoundation.org/issues/6987
• https://redmine.openinfosecfoundation.org/issues/6988
CWE-770: Allocation of Resources Without Limits or Throttling
CVE-2024-28870 – Suricata: excessive resource use in malformed SSH traffic parsing
https://notcve.org/view.php?id=CVE-2024-28870
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine developed by the OISF and the Suricata community. When parsing an overly long SSH banner, Suricata can use excessive CPU resources and can also produce excessive logging volume in alert records. This issue has been patched in versions 6.0.17 and 7.0.4.
References:
• https://github.com/OISF/suricata/security/advisories/GHSA-mhhx-xw7r-r5c8
CWE-770: Allocation of Resources Without Limits or Throttling
CVE-2024-23836 – crafted traffic can cause denial of service
https://notcve.org/view.php?id=CVE-2024-23836
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to versions 6.0.16 and 7.0.3, an attacker can craft traffic that causes Suricata to use far more CPU and memory than needed to process it, which can lead to extreme slowdowns and denial of service. This vulnerability is patched in 6.0.16 and 7.0.3. As a workaround, disable the affected protocol app-layer parser in the YAML configuration; reducing the `stream.reassembly.depth` value also helps reduce the severity of the issue.
References:
• https://github.com/OISF/suricata/commit/18841a58da71e735ddf4e52cbfa6989755ecbeb7
• https://github.com/OISF/suricata/commit/2a2120ecf10c5b5713ec2bf59469fe57f7b5b747
• https://github.com/OISF/suricata/commit/83c5567ea7b0b28376f57dcfee9c6301448c7bc7
• https://github.com/OISF/suricata/commit/8efaebe293e2a74c8e323fa85a6f5fadf82801bc
• https://github.com/OISF/suricata/commit/97953998d2d60673ed6c30ddfb6a2d59b4230f97
• https://github.com/OISF/suricata/commit/b1549e930f6426eeff43f12b672337cbcda566b8
• https://github.com/OISF/suricata/commit/cd035d59e3df157b606f4fe67324ea8e437be786
• https://github.com
CWE-770: Allocation of Resources Without Limits or Throttling