VYPR

rpm package

opensuse/suricata&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/suricata&distro=openSUSE%20Tumbleweed

Vulnerabilities (54)

  • CVE-2024-38535Jul 11, 2024
    affected < 8.0.0-1.1fixed 8.0.0-1.1

    Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Suricata can run out of memory when parsing crafted HTTP/2 traffic. Upgrade to 6.0.20 or 7.0.6.

  • CVE-2024-38534Jul 11, 2024
    affected < 8.0.0-1.1fixed 8.0.0-1.1

    Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Crafted modbus traffic can lead to unlimited resource accumulation within a flow. Upgrade to 7.0.6. Set a limited stream.reassembly.depth to reduce the issue.

  • CVE-2024-37151Jul 11, 2024
    affected < 8.0.0-1.1fixed 8.0.0-1.1

    Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Mishandling of multiple fragmented packets using the same IP ID value can lead to packet reassembly failure, which can lead to policy bypass. Upgrade to 7.0.6 or

  • CVE-2024-32867May 7, 2024
    affected < 8.0.0-1.1fixed 8.0.0-1.1

    Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, various problems in handling of fragmentation anomalies can lead to mis-detection of rules and policy. This vulnerability is fixed in 7

  • CVE-2024-32664May 7, 2024
    affected < 8.0.0-1.1fixed 8.0.0-1.1

    Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, specially crafted traffic or datasets can cause a limited buffer overflow. This vulnerability is fixed in 7.0.5 and 6.0.19. Workarounds

  • CVE-2024-32663May 7, 2024
    affected < 8.0.0-1.1fixed 8.0.0-1.1

    Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, a small amount of HTTP/2 traffic can lead to Suricata using a large amount of memory. The issue has been addressed in Suricata 7.0.5 an

  • CVE-2024-24568Feb 26, 2024
    affected < 8.0.0-1.1fixed 8.0.0-1.1

    Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.3, the rules inspecting HTTP2 headers can get bypassed by crafted traffic. The vulnerability has been patched in 7.0.3.

  • CVE-2024-23839Feb 26, 2024
    affected < 8.0.0-1.1fixed 8.0.0-1.1

    Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.3, specially crafted traffic can cause a heap use after free if the ruleset uses the http.request_header or http.response_header keyword. The vulne

  • CVE-2024-23836Feb 26, 2024
    affected < 8.0.0-1.1fixed 8.0.0-1.1

    Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to versions 6.0.16 and 7.0.3, an attacker can craft traffic to cause Suricata to use far more CPU and memory for processing the traffic than needed, which c

  • CVE-2024-23835Feb 26, 2024
    affected < 8.0.0-1.1fixed 8.0.0-1.1

    Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.3, excessive memory use during pgsql parsing could lead to OOM-related crashes. This vulnerability is patched in 7.0.3. As workaround, use

  • CVE-2019-10053May 13, 2019
    affected < 8.0.0-1.1fixed 8.0.0-1.1

    An issue was discovered in Suricata 4.1.x before 4.1.4. If the input of the function SSHParseBanner is composed only of a \n character, then the program runs into a heap-based buffer over-read. This occurs because the erroneous search for \r results in an integer underflow.

  • CVE-2019-10050May 13, 2019
    affected < 8.0.0-1.1fixed 8.0.0-1.1

    A buffer over-read issue was discovered in Suricata 4.1.x before 4.1.4. If the input of the decode-mpls.c function DecodeMPLS is composed only of a packet of source address and destination address plus the correct type field and the right number for shim, an attacker can manipula

  • CVE-2018-14568HigJul 23, 2018
    affected < 8.0.0-1.1fixed 8.0.0-1.1

    Suricata before 4.0.5 stops TCP stream inspection upon a TCP RST from a server. This allows detection bypass because Windows TCP clients proceed with normal processing of TCP data that arrives shortly after an RST (i.e., they act as if the RST had not yet been received).

  • CVE-2016-10728MedJul 23, 2018
    affected < 8.0.0-1.1fixed 8.0.0-1.1

    An issue was discovered in Suricata before 3.1.2. If an ICMPv4 error packet is received as the first packet on a flow in the to_client direction, it confuses the rule grouping lookup logic. The toclient inspection will then continue with the wrong rule group. This can lead to mis

Page 3 of 3