CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45795 – Suricata detect/datasets: reachable assertion with unimplemented rule option
https://notcve.org/view.php?id=CVE-2024-45795
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, rules using datasets with the non-functional / unimplemented "unset" option can trigger an assertion during traffic parsing, leading to denial of service. This issue is addressed in 7.0.7. As a workaround, use only trusted and well tested rulesets. Suricata es un sistema de detección de intrusiones, un sistema de prevención de intrusiones y un motor de monitoreo de seguridad de red. • https://github.com/OISF/suricata/security/advisories/GHSA-6r8w-fpw6-cp9g https://redmine.openinfosecfoundation.org/issues/7195 • CWE-617: Reachable Assertion •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45796 – Suricata defrag: off by one can lead to policy bypass
https://notcve.org/view.php?id=CVE-2024-45796
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, a logic error during fragment reassembly can lead to failed reassembly for valid traffic. An attacker could craft packets to trigger this behavior.This issue has been addressed in 7.0.7. Suricata es un sistema de detección de intrusiones, un sistema de prevención de intrusiones y un motor de monitoreo de seguridad de red. Antes de la versión 7.0.7, un error lógico durante el reensamblado de fragmentos podía provocar un reensamblado fallido para el tráfico válido. • https://github.com/OISF/suricata/security/advisories/GHSA-mf6r-3xp2-v7xg https://redmine.openinfosecfoundation.org/issues/7067 • CWE-193: Off-by-one Error •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47187 – Suricata datasets: missing hashtable random seed leads to potential DoS
https://notcve.org/view.php?id=CVE-2024-47187
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, missing initialization of the random seed for "thash" leads to datasets having predictable hash table behavior. This can lead to dataset file loading to use excessive time to load, as well as runtime performance issues during traffic handling. This issue has been addressed in 7.0.7. As a workaround, avoid loading datasets from untrusted sources. • https://github.com/OISF/suricata/security/advisories/GHSA-64ww-4f6x-863p https://redmine.openinfosecfoundation.org/issues/7209 • CWE-330: Use of Insufficiently Random Values •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47188 – Suricata http/byte-ranges: missing hashtable random seed leads to potential DoS
https://notcve.org/view.php?id=CVE-2024-47188
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, missing initialization of the random seed for "thash" leads to byte-range tracking having predictable hash table behavior. This can lead to an attacker forcing lots of data into a single hash bucket, leading to severe performance degradation. This issue has been addressed in 7.0.7. Suricata es un sistema de detección de intrusiones, un sistema de prevención de intrusiones y un motor de monitoreo de seguridad de red. • https://github.com/OISF/suricata/security/advisories/GHSA-qq5v-qcjx-f872 https://redmine.openinfosecfoundation.org/issues/7289 • CWE-330: Use of Insufficiently Random Values •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47522 – Suricata ja4: invalid alpn leads to panic
https://notcve.org/view.php?id=CVE-2024-47522
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, invalid ALPN in TLS/QUIC traffic when JA4 matching/logging is enabled can lead to Suricata aborting with a panic. This issue has been addressed in 7.0.7. One may disable ja4 as a workaround. Suricata es un sistema de detección de intrusiones, un sistema de prevención de intrusiones y un motor de monitoreo de seguridad de red. • https://github.com/OISF/suricata/security/advisories/GHSA-w5xv-6586-jpm7 https://redmine.openinfosecfoundation.org/issues/7267 • CWE-617: Reachable Assertion •