Lucene search

Gentoo FoundationMGASA-2024-0306

HistorySep 17, 2024 - 5:41 a.m.

Updated suricata packages fix security vulnerabilities

2024-09-1705:41:21

Gentoo Foundation

advisories.mageia.org

suricata

security vulnerabilities

fragmented packets

crafted traffic

http/2

resource accumulation

policy bypass

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.2

Confidence

Low

JSON

CVE-2024-37151 Mishandling of multiple fragmented packets using the same IP ID value can lead to packet reassembly failure, which can lead to policy bypass. CVE-2024-38534 Crafted modbus traffic can lead to unlimited resource accumulation within a flow CVE-2024-38535, CVE-2024-38536 Suricata can run out of memory when parsing crafted HTTP/2 traffic.

OSVersionArchitecturePackageVersionFilename
Mageia9noarchsuricata< 6.0.20-1suricata-6.0.20-1.mga9

OS	Version	Architecture	Package	Version	Filename
Mageia	9	noarch	suricata	< 6.0.20-1	suricata-6.0.20-1.mga9

References

bugs.mageia.org/show_bug.cgi?id=33431

lists.fedoraproject.org/archives/list/[email protected]/message/JJWELU75TPOICUA2UGNZDY7QQJBB7HYJ/

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.2

Confidence

Low

JSON

Related for MGASA-2024-0306