CVE-2024-55627
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, a specially crafted TCP stream can lead to a very large buffer overflow while being zero-filled during initialization with memset due to an unsigned integer...
CVE-2024-55626 Suricata oversized bpf file can lead to buffer overflow
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, a large BPF filter file provided to Suricata at startup can lead to a buffer overflow at Suricata startup. The issue has been addressed in Suricata 7.0.8...
CVE-2024-55605 Suricata allows stack overflow in transforms
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, a large input buffer to the tolowercase, touppercase, stripwhitespace, compresswhitespace, dotprefix, headerlowercase, strippseudoheaders, urldecode, or xor...
CVE-2024-47188
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, missing initialization of the random seed for "thash" leads to byte-range tracking having predictable hash table behavior. This can lead to an attacker...
CVE-2024-45796
CVE-2024-45796 affects Suricata, a network IDS/IPS/NSM engine. The issue is a logic error during fragment reassembly that can cause failed reassembly for valid traffic when processing certain fragments. This vulnerability is addressed in Suricata version 7.0.7; upgrading to 7.0.7 or later mitigat...
CVE-2024-45796
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, a logic error during fragment reassembly can lead to failed reassembly for valid traffic. An attacker could craft packets to trigger this behavior. This iss...
CVE-2024-45795 Suricata detect/datasets: reachable assertion with unimplemented rule option
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, rules using datasets with the non-functional / unimplemented "unset" option can trigger an assertion during traffic parsing, leading to denial of service...
CVE-2024-45795
Suricata (IDS/IPS/NSM) prior to 7.0.7 is vulnerable to an assertion during traffic parsing when rules use datasets with the non-functional/unimplemented “unset” option, potentially enabling denial-of-service. The issue is addressed in version 7.0.7; recommended mitigations include updating to 7.0...
CVE-2024-38536 Suricata http/range: NULL-ptr deref when http.memcap is reached
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. A memory allocation failure due to http.memcap being reached leads to a NULL-ptr reference leading to a crash. Upgrade to 7.0.6...
CVE-2024-32867
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, various problems in handling of fragmentation anomalies can lead to mis-detection of rules and policy. This vulnerability is fixed in 7.0.5 or 6.0.19...
CVE-2024-32664 Suricata's base64 contains an out of bounds write
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, specially crafted traffic or datasets can cause a limited buffer overflow. This vulnerability is fixed in 7.0.5 and 6.0.19. Workarounds include not use...
CVE-2024-32663 Suricata's http2 parser contains an improper compressed header handling can lead to resource starvation
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, a small amount of HTTP/2 traffic can lead to Suricata using a large amount of memory. The issue has been addressed in Suricata 7.0.5 and 6.0.19...
The vulnerability of the FortiSandbox threat detection and mitigation system arises from the lack of measures taken to neutralize special elements used in the operating system’s command set. This allows attackers to execute arbitrary code.
The vulnerability of the FortiSandbox threat detection and mitigation system exists because measures are not taken to neutralize the special elements used in the operating system’s command line interface. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using...
PT-2024-4128 · Nozomi Networks · Nozomi Networks Guardian
Name of the Vulnerable Software and Affected Versions: Nozomi Networks Guardian (affected versions not specified). Description: A Denial of Service (DoS) issue is caused by improper input validation in certain fields used in the Radius parsing functionality of the IDS. This allows an unauthenticated...