CVE-2024-45795

EPSS 0.17%
Published 16.10.2024 19:15:26
Last modified 22.10.2024 13:35:50
Source security-advisories@github.com
Teams watchlist Login
Open Login

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, rules using datasets with the non-functional / unimplemented "unset" option can trigger an assertion during traffic parsing, leading to denial of service. This issue is addressed in 7.0.7. As a workaround, use only trusted and well tested rulesets.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Oisf ≫ Suricata Version < 7.0.7

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.17%	0.391

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
security-advisories@github.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-617 Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

https://github.com/OISF/suricata/security/advisories/GHSA-6r8w-fpw6-cp9g

Third Party Advisory

https://redmine.openinfosecfoundation.org/issues/7195

Vendor Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2024-45795

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-45795

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-45795

EUVD