CVE-2024-45795

EPSS 0.17%
Veröffentlicht 16.10.2024 19:15:26
Zuletzt bearbeitet 22.10.2024 13:35:50
Quelle security-advisories@github.com
Teams Watchlist Login
Unerledigt Login

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, rules using datasets with the non-functional / unimplemented "unset" option can trigger an assertion during traffic parsing, leading to denial of service. This issue is addressed in 7.0.7. As a workaround, use only trusted and well tested rulesets.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Oisf ≫ Suricata Version < 7.0.7

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.17%	0.391

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
security-advisories@github.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-617 Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

https://github.com/OISF/suricata/security/advisories/GHSA-6r8w-fpw6-cp9g

Third Party Advisory

https://redmine.openinfosecfoundation.org/issues/7195

Vendor Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2024-45795

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-45795

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-45795

EUVD