CVE-2024-38534

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Crafted modbus traffic can lead to unlimited resource accumulation within a flow. Upgrade to 7.0.6. Set a limited stream.reassembly.depth to reduce the issue.
Configurations

Configuration 1 (hide)

cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*

History

12 Jul 2024, 18:46

Type Values Removed Values Added
First Time Oisf suricata
Oisf
References () https://github.com/OISF/suricata/commit/a753cdbe84caee3b66d0bf49b2712d29a50d67ae - () https://github.com/OISF/suricata/commit/a753cdbe84caee3b66d0bf49b2712d29a50d67ae - Patch
References () https://github.com/OISF/suricata/security/advisories/GHSA-59qg-h357-69fq - () https://github.com/OISF/suricata/security/advisories/GHSA-59qg-h357-69fq - Vendor Advisory
References () https://redmine.openinfosecfoundation.org/issues/6987 - () https://redmine.openinfosecfoundation.org/issues/6987 - Issue Tracking
References () https://redmine.openinfosecfoundation.org/issues/6988 - () https://redmine.openinfosecfoundation.org/issues/6988 - Issue Tracking
CPE cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*
Summary
  • (es) Suricata es un sistema de detección de intrusiones en la red, un sistema de prevención de intrusiones y un motor de monitoreo de seguridad de la red. El tráfico modbus manipulado puede generar una acumulación ilimitada de recursos dentro de un flujo. Actualice a 7.0.6. Establezca una profundidad de reensamblaje de flujo limitada para reducir el problema.

11 Jul 2024, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-07-11 15:15

Updated : 2024-07-12 18:46


NVD link : CVE-2024-38534

Mitre link : CVE-2024-38534

CVE.ORG link : CVE-2024-38534


JSON object : View

Products Affected

oisf

  • suricata
CWE
CWE-770

Allocation of Resources Without Limits or Throttling