rpm package
opensuse/suricata&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/suricata&distro=openSUSE%20Tumbleweed
Vulnerabilities (54)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-38535 | — | < 8.0.0-1.1 | 8.0.0-1.1 | Jul 11, 2024 | Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Suricata can run out of memory when parsing crafted HTTP/2 traffic. Upgrade to 6.0.20 or 7.0.6. | ||
| CVE-2024-38534 | — | < 8.0.0-1.1 | 8.0.0-1.1 | Jul 11, 2024 | Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Crafted modbus traffic can lead to unlimited resource accumulation within a flow. Upgrade to 7.0.6. Set a limited stream.reassembly.depth to reduce the issue. | ||
| CVE-2024-37151 | — | < 8.0.0-1.1 | 8.0.0-1.1 | Jul 11, 2024 | Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Mishandling of multiple fragmented packets using the same IP ID value can lead to packet reassembly failure, which can lead to policy bypass. Upgrade to 7.0.6 or | ||
| CVE-2024-32867 | — | < 8.0.0-1.1 | 8.0.0-1.1 | May 7, 2024 | Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, various problems in handling of fragmentation anomalies can lead to mis-detection of rules and policy. This vulnerability is fixed in 7 | ||
| CVE-2024-32664 | — | < 8.0.0-1.1 | 8.0.0-1.1 | May 7, 2024 | Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, specially crafted traffic or datasets can cause a limited buffer overflow. This vulnerability is fixed in 7.0.5 and 6.0.19. Workarounds | ||
| CVE-2024-32663 | — | < 8.0.0-1.1 | 8.0.0-1.1 | May 7, 2024 | Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, a small amount of HTTP/2 traffic can lead to Suricata using a large amount of memory. The issue has been addressed in Suricata 7.0.5 an | ||
| CVE-2024-24568 | — | < 8.0.0-1.1 | 8.0.0-1.1 | Feb 26, 2024 | Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.3, the rules inspecting HTTP2 headers can get bypassed by crafted traffic. The vulnerability has been patched in 7.0.3. | ||
| CVE-2024-23839 | — | < 8.0.0-1.1 | 8.0.0-1.1 | Feb 26, 2024 | Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.3, specially crafted traffic can cause a heap use after free if the ruleset uses the http.request_header or http.response_header keyword. The vulne | ||
| CVE-2024-23836 | — | < 8.0.0-1.1 | 8.0.0-1.1 | Feb 26, 2024 | Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to versions 6.0.16 and 7.0.3, an attacker can craft traffic to cause Suricata to use far more CPU and memory for processing the traffic than needed, which c | ||
| CVE-2024-23835 | — | < 8.0.0-1.1 | 8.0.0-1.1 | Feb 26, 2024 | Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.3, excessive memory use during pgsql parsing could lead to OOM-related crashes. This vulnerability is patched in 7.0.3. As workaround, use | ||
| CVE-2019-10053 | — | < 8.0.0-1.1 | 8.0.0-1.1 | May 13, 2019 | An issue was discovered in Suricata 4.1.x before 4.1.4. If the input of the function SSHParseBanner is composed only of a \n character, then the program runs into a heap-based buffer over-read. This occurs because the erroneous search for \r results in an integer underflow. | ||
| CVE-2019-10050 | — | < 8.0.0-1.1 | 8.0.0-1.1 | May 13, 2019 | A buffer over-read issue was discovered in Suricata 4.1.x before 4.1.4. If the input of the decode-mpls.c function DecodeMPLS is composed only of a packet of source address and destination address plus the correct type field and the right number for shim, an attacker can manipula | ||
| CVE-2018-14568 | Hig | 7.5 | < 8.0.0-1.1 | 8.0.0-1.1 | Jul 23, 2018 | Suricata before 4.0.5 stops TCP stream inspection upon a TCP RST from a server. This allows detection bypass because Windows TCP clients proceed with normal processing of TCP data that arrives shortly after an RST (i.e., they act as if the RST had not yet been received). | |
| CVE-2016-10728 | Med | 5.3 | < 8.0.0-1.1 | 8.0.0-1.1 | Jul 23, 2018 | An issue was discovered in Suricata before 3.1.2. If an ICMPv4 error packet is received as the first packet on a flow in the to_client direction, it confuses the rule grouping lookup logic. The toclient inspection will then continue with the wrong rule group. This can lead to mis |
- CVE-2024-38535Jul 11, 2024affected < 8.0.0-1.1fixed 8.0.0-1.1
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Suricata can run out of memory when parsing crafted HTTP/2 traffic. Upgrade to 6.0.20 or 7.0.6.
- CVE-2024-38534Jul 11, 2024affected < 8.0.0-1.1fixed 8.0.0-1.1
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Crafted modbus traffic can lead to unlimited resource accumulation within a flow. Upgrade to 7.0.6. Set a limited stream.reassembly.depth to reduce the issue.
- CVE-2024-37151Jul 11, 2024affected < 8.0.0-1.1fixed 8.0.0-1.1
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Mishandling of multiple fragmented packets using the same IP ID value can lead to packet reassembly failure, which can lead to policy bypass. Upgrade to 7.0.6 or
- CVE-2024-32867May 7, 2024affected < 8.0.0-1.1fixed 8.0.0-1.1
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, various problems in handling of fragmentation anomalies can lead to mis-detection of rules and policy. This vulnerability is fixed in 7
- CVE-2024-32664May 7, 2024affected < 8.0.0-1.1fixed 8.0.0-1.1
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, specially crafted traffic or datasets can cause a limited buffer overflow. This vulnerability is fixed in 7.0.5 and 6.0.19. Workarounds
- CVE-2024-32663May 7, 2024affected < 8.0.0-1.1fixed 8.0.0-1.1
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, a small amount of HTTP/2 traffic can lead to Suricata using a large amount of memory. The issue has been addressed in Suricata 7.0.5 an
- CVE-2024-24568Feb 26, 2024affected < 8.0.0-1.1fixed 8.0.0-1.1
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.3, the rules inspecting HTTP2 headers can get bypassed by crafted traffic. The vulnerability has been patched in 7.0.3.
- CVE-2024-23839Feb 26, 2024affected < 8.0.0-1.1fixed 8.0.0-1.1
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.3, specially crafted traffic can cause a heap use after free if the ruleset uses the http.request_header or http.response_header keyword. The vulne
- CVE-2024-23836Feb 26, 2024affected < 8.0.0-1.1fixed 8.0.0-1.1
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to versions 6.0.16 and 7.0.3, an attacker can craft traffic to cause Suricata to use far more CPU and memory for processing the traffic than needed, which c
- CVE-2024-23835Feb 26, 2024affected < 8.0.0-1.1fixed 8.0.0-1.1
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.3, excessive memory use during pgsql parsing could lead to OOM-related crashes. This vulnerability is patched in 7.0.3. As workaround, use
- CVE-2019-10053May 13, 2019affected < 8.0.0-1.1fixed 8.0.0-1.1
An issue was discovered in Suricata 4.1.x before 4.1.4. If the input of the function SSHParseBanner is composed only of a \n character, then the program runs into a heap-based buffer over-read. This occurs because the erroneous search for \r results in an integer underflow.
- CVE-2019-10050May 13, 2019affected < 8.0.0-1.1fixed 8.0.0-1.1
A buffer over-read issue was discovered in Suricata 4.1.x before 4.1.4. If the input of the decode-mpls.c function DecodeMPLS is composed only of a packet of source address and destination address plus the correct type field and the right number for shim, an attacker can manipula
- affected < 8.0.0-1.1fixed 8.0.0-1.1
Suricata before 4.0.5 stops TCP stream inspection upon a TCP RST from a server. This allows detection bypass because Windows TCP clients proceed with normal processing of TCP data that arrives shortly after an RST (i.e., they act as if the RST had not yet been received).
- affected < 8.0.0-1.1fixed 8.0.0-1.1
An issue was discovered in Suricata before 3.1.2. If an ICMPv4 error packet is received as the first packet on a flow in the to_client direction, it confuses the rule grouping lookup logic. The toclient inspection will then continue with the wrong rule group. This can lead to mis
Page 3 of 3