Main Vulnerability Database Vulnerabilities #VU102514

Input validation error in Suricata - CVE-2024-55629

Published: January 10, 2025

Vulnerability identifier: #VU102514

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2024-55629

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Open Information Security Foundation

Affected software:
Suricata

Detailed vulnerability description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect handling of TCP streams with TCP urgent data (out of band data), which can lead to Suricata analyzing data differently than the applications at the TCP endpoints. A remote attacker can bypass generic detection when using TCP urgent support.

How to mitigate CVE-2024-55629

Install updates from vendor's website.

Sources

https://github.com/OISF/suricata/commit/6882bcb3e51bd3cf509fb6569cc30f48d7bb53d7
https://github.com/OISF/suricata/commit/779f9d8ba35c3f9b5abfa327d3a4209861bd2eb8
https://github.com/OISF/suricata/security/advisories/GHSA-69wr-vhwg-84h2
https://redmine.openinfosecfoundation.org/issues/7411

Input validation error in Suricata - CVE-2024-55629

Detailed vulnerability description

How to mitigate CVE-2024-55629

Sources

Please verify you're human