CVE-2024-38534

EPSS 0.64%
Published 11.07.2024 15:15:12
Last modified 21.11.2024 09:26:14
Source security-advisories@github.com
Teams watchlist Login
Open Login

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Crafted modbus traffic can lead to unlimited resource accumulation within a flow. Upgrade to 7.0.6. Set a limited stream.reassembly.depth to reduce the issue.

Affected products Warnungen 0 Metrics 3 CWE 1 References 7

Data is provided by the National Vulnerability Database (NVD)

Oisf ≫ Suricata Version < 7.0.6

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.64%	0.697

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
security-advisories@github.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

https://github.com/OISF/suricata/commit/a753cdbe84caee3b66d0bf49b2712d29a50d67ae

Patch

https://github.com/OISF/suricata/security/advisories/GHSA-59qg-h357-69fq

Vendor Advisory

https://redmine.openinfosecfoundation.org/issues/6987

Issue Tracking

https://redmine.openinfosecfoundation.org/issues/6988

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2024-38534

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-38534

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-38534

EUVD