CVE-2024-37151
CVSS V2 None
CVSS V3 None
Description
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine.
Mishandling of multiple fragmented packets using the same IP ID value can lead to packet reassembly failure, which can lead to policy bypass. Upgrade to 7.0.6 or 6.0.20. When using af-packet, enable `defrag` to reduce the scope of the problem.
Overview
- CVE ID
- CVE-2024-37151
- Assigner
- GitHub_M
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-07-11T14:39:32.766Z
- Last Modified Date
- 2024-07-11T14:39:32.766Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://github.com/OISF/suricata/security/advisories/GHSA-qrp7-g66m-px24 | x_refsource_CONFIRM |
| https://github.com/OISF/suricata/commit/9d5c4273cb7e5ca65f195f7361f0d848c85180e0 | x_refsource_MISC |
| https://github.com/OISF/suricata/commit/aab7f35c76721df19403a7c0c0025feae12f3b6b | x_refsource_MISC |
| https://redmine.openinfosecfoundation.org/issues/7041 | x_refsource_MISC |
| https://redmine.openinfosecfoundation.org/issues/7042 | x_refsource_MISC |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-37151 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37151 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-07-12 13:02:45 | Added to TrackCVE |