5.3

CVE-2024-32867

Suricata's defrag contains various issues leading to policy bypass

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, various problems in handling of fragmentation anomalies can lead to mis-detection of rules and policy. This vulnerability is fixed in 7.0.5 or 6.0.19.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OisfSuricata Version >= 6.0.0 < 6.0.19
OisfSuricata Version >= 7.0.0 < 7.0.5
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.7% 0.485
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
security-advisories@github.com 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CWE-754 Improper Check for Unusual or Exceptional Conditions

The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

https://github.com/OISF/suricata/commit/1e110d0a71db46571040b937e17a4bc9f91d6de9
Patch
https://github.com/OISF/suricata/commit/2f39ba75f153ba9bdf8eedc2a839cc973dbaea66
Patch
https://github.com/OISF/suricata/commit/414f97c6695c5a2e1d378a36a6f50d7288767634
Patch
https://github.com/OISF/suricata/commit/bf3d420fb709ebe074019a99e3bd3a2364524a4b
Patch
https://github.com/OISF/suricata/commit/d13bd2ae217a6d2ceb347f74d27cbfcd37b9bda9
Patch
https://github.com/OISF/suricata/commit/e6267758ed5da27f804f0c1c07f9423bdf4d72b8
Patch
https://github.com/OISF/suricata/security/advisories/GHSA-xvrx-88mv-xcq5
Vendor Advisory
https://redmine.openinfosecfoundation.org/issues/6672
Issue Tracking
https://redmine.openinfosecfoundation.org/issues/6673
Issue Tracking
https://redmine.openinfosecfoundation.org/issues/6677
Issue Tracking