CVE-2024-45796

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, a logic error during fragment reassembly can lead to failed reassembly for valid traffic. An attacker could craft packets to trigger this behavior.This issue has been addressed in 7.0.7.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/OISF/suricata/security/advisories/GHSA-mf6r-3xp2-v7xg	Third Party Advisory
https://redmine.openinfosecfoundation.org/issues/7067	Issue Tracking

Configurations

Configuration 1 (hide)

cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*

History

22 Oct 2024, 13:37

Type	Values Removed	Values Added
References	~~() https://github.com/OISF/suricata/security/advisories/GHSA-mf6r-3xp2-v7xg -~~	() https://github.com/OISF/suricata/security/advisories/GHSA-mf6r-3xp2-v7xg - Third Party Advisory
References	~~() https://redmine.openinfosecfoundation.org/issues/7067 -~~	() https://redmine.openinfosecfoundation.org/issues/7067 - Issue Tracking
First Time		Oisf suricata Oisf
CPE		cpe:2.3:a:oisf:suricata::::::::

18 Oct 2024, 12:53

Type	Values Removed	Values Added
Summary		(es) Suricata es un sistema de detección de intrusiones, un sistema de prevención de intrusiones y un motor de monitoreo de seguridad de red. Antes de la versión 7.0.7, un error lógico durante el reensamblado de fragmentos podía provocar un reensamblado fallido para el tráfico válido. Un atacante podría crear paquetes para desencadenar este comportamiento. Este problema se ha solucionado en la versión 7.0.7.

16 Oct 2024, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-10-16 19:15

Updated : 2024-10-22 13:37

NVD link : CVE-2024-45796

Mitre link : CVE-2024-45796

CVE.ORG link : CVE-2024-45796

JSON object : View

Products Affected

oisf

suricata

CWE

CWE-193

Off-by-one Error

{"id": "CVE-2024-45796", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2024-10-16T19:15:26.923", "references": [{"url": "https://github.com/OISF/suricata/security/advisories/GHSA-mf6r-3xp2-v7xg", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://redmine.openinfosecfoundation.org/issues/7067", "tags": ["Issue Tracking"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-193"}]}], "descriptions": [{"lang": "en", "value": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, a logic error during fragment reassembly can lead to failed reassembly for valid traffic. An attacker could craft packets to trigger this behavior.This issue has been addressed in 7.0.7."}, {"lang": "es", "value": "Suricata es un sistema de detecci\u00f3n de intrusiones, un sistema de prevenci\u00f3n de intrusiones y un motor de monitoreo de seguridad de red. Antes de la versi\u00f3n 7.0.7, un error l\u00f3gico durante el reensamblado de fragmentos pod\u00eda provocar un reensamblado fallido para el tr\u00e1fico v\u00e1lido. Un atacante podr\u00eda crear paquetes para desencadenar este comportamiento. Este problema se ha solucionado en la versi\u00f3n 7.0.7."}], "lastModified": "2024-10-22T13:37:57.930", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "444932ED-FCA1-4C9B-90CE-C3EEFAAA9DB2", "versionEndExcluding": "7.0.7"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}