Unrated severity · NVD Advisory · Published Jul 11, 2024 · Updated Nov 3, 2025
Suricata defrag: IP ID reuse can lead to policy bypass
CVE-2024-37151
Description
Suricata is a network Intrusion Detection System (IDS), Intrusion Prevention System (IPS) and Network Security Monitoring (NSM) engine. Mishandling of multiple fragmented packets that use the same IP ID value can cause packet reassembly to fail, which can lead to policy bypass. Upgrade to 7.0.6 or 6.0.20. When using af-packet, enable defrag to reduce the scope of the problem.
Affected products
- Suricata, affected range: >=6.0.0,<6.0.20 || >=7.0.0,<7.0.6
References
- github.com/OISF/suricata/commit/9d5c4273cb7e5ca65f195f7361f0d848c85180e0 (MISC)
- github.com/OISF/suricata/commit/aab7f35c76721df19403a7c0c0025feae12f3b6b (MISC)
- github.com/OISF/suricata/security/advisories/GHSA-qrp7-g66m-px24 (CONFIRM)
- redmine.openinfosecfoundation.org/issues/7041 (MISC)
- redmine.openinfosecfoundation.org/issues/7042 (MISC)