Always-Incorrect Control Flow Implementation in Suricata - CVE-2024-37151

 

Always-Incorrect Control Flow Implementation in Suricata - CVE-2024-37151

Published: July 11, 2024 / Updated: April 27, 2026


Vulnerability identifier: #VU128044
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2024-37151
CWE-ID: CWE-670
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Open Information Security Foundation
Affected software:
Suricata

Detailed vulnerability description

The vulnerability allows a remote attacker to bypass security policy enforcement.

The vulnerability exists due to improper handling of fragmented packets in the defragmentation functionality when processing multiple fragmented packets using the same IP ID value. A remote attacker can send specially crafted fragmented packets to bypass security policy enforcement.


How to mitigate CVE-2024-37151

Install security update from vendor's website.

Sources