CVE-2024-32867

Suricata's defrag contains various issues leading to policy bypass

CVSS 5.3 MEDIUM · EPSS 0.7% · CWE-754
In short

Suricata, a network intrusion detection/prevention and network security monitoring engine, does not correctly handle some anomalies in fragmented IP packets in its defragmentation (defrag) engine, so rules and policies can be mis-applied to such traffic. An attacker whose traffic passes through a monitored network can craft IP fragments so that content which should trigger a rule slips past it.

Technical detail

The vulnerability lies in Suricata's defragmentation (defrag) engine in versions before 7.0.5 and 6.0.19. Anomalous fragment sequences are not handled as the configured policy requires (CWE-754, improper check for unusual or exceptional conditions), so rules and policies are evaluated against traffic that was not reassembled or classified as intended; rules that should fire do not, and the configured policy for fragmented traffic is bypassed. An attacker can craft malformed IP fragments to evade detection and prevention rules without any privileges or user interaction (AV:N/PR:N/UI:N). The impact is a loss of detection integrity only (I:L); no confidentiality or availability impact is assigned. The fix is to upgrade to 7.0.5 or 6.0.19.
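The advisory does not say which fragmentation anomalies are mishandled, so the following is a generic illustration of why fragment handling matters for a rule engine, added here and not code from the Suricata project. Overlapping fragments are the classic case: when two fragments claim the same byte range, the reassembled datagram depends on whether the reassembler keeps the first copy or the last, so a sensor that applies a different overlap policy than the destination host inspects different bytes than the host actually receives. The fragments, the "first"/"last" policy names and the rule pattern are all constructed for the example.

```python
"""Toy IPv4 fragment reassembly showing how overlap policy changes what a rule sees.

Constructed example, not Suricata code. Real IPv4 fragment offsets are in
8-byte units, so every constructed fragment below starts on an 8-byte boundary.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Fragment:
    offset: int   # byte offset into the reassembled datagram
    data: bytes


# Constructed attack sequence: fragment 3 completely overlaps fragment 2.
FRAGS = [
    Fragment(0, b"GET /etc"),
    Fragment(8, b"/hosts\r\n"),   # benign-looking bytes sent first
    Fragment(8, b"/passwd\n"),    # overlapping bytes sent last
]


def has_overlap(frags):
    """Return True if any two fragments claim a common byte range (an anomaly worth alerting on)."""
    ranges = sorted((f.offset, f.offset + len(f.data)) for f in frags)
    for (s1, e1), (s2, _e2) in zip(ranges, ranges[1:]):
        if s2 < e1:
            return True
    return False


def reassemble(frags, policy):
    """Reassemble fragments; 'first' keeps bytes already placed, 'last' lets later fragments overwrite."""
    if policy not in ("first", "last"):
        raise ValueError(f"unknown policy {policy!r}")
    total = max(f.offset + len(f.data) for f in frags)
    buf = bytearray(total)
    filled = [False] * total
    for f in frags:
        for i, byte in enumerate(f.data):
            pos = f.offset + i
            if policy == "first" and filled[pos]:
                continue
            buf[pos] = byte
            filled[pos] = True
    if not all(filled):
        raise ValueError("hole in reassembled datagram")
    return bytes(buf)


def rule_matches(payload, pattern):
    """Stand-in for a content rule: does the pattern appear in the reassembled payload?"""
    return pattern in payload


def sensor_misses(frags, sensor_policy, host_policy, pattern):
    """True when the host would receive the pattern but the sensor's reassembly does not contain it."""
    seen_by_host = rule_matches(reassemble(frags, host_policy), pattern)
    seen_by_sensor = rule_matches(reassemble(frags, sensor_policy), pattern)
    return seen_by_host and not seen_by_sensor


if __name__ == "__main__":
    pattern = b"/etc/passwd"
    for policy in ("first", "last"):
        print(policy, reassemble(FRAGS, policy), rule_matches(reassemble(FRAGS, policy), pattern))
    print("overlap present:", has_overlap(FRAGS))
    print("sensor(first) misses host(last):", sensor_misses(FRAGS, "first", "last", pattern))
```

The practical lesson is the one the advisory's fix embodies: the defrag engine must reassemble exactly the way the target host does, and anomalies such as overlaps are worth an alert of their own rather than silent resolution. Suricata's own defrag engine models per-host reassembly behaviour; the two toy policies here only stand in for that.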

Summary generated and translated by AI from the official description.
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, various problems in handling of fragmentation anomalies can lead to mis-detection of rules and policy. This vulnerability is fixed in 7.0.5 or 6.0.19.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Affected products
OISF · suricata
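A quick way to check an installation against the fixed versions named in the advisory (7.0.5 and 6.0.19), added here as an example and not tooling from the Suricata project. It parses the version string printed by `suricata -V` (the sample output line is constructed) and compares it branch by branch. Two assumptions are labelled in the code: branches older than 6.0 are treated as affected because they predate both fixes, and branches newer than 7.0 are treated as fixed because they were released after it.

```python
"""Check a Suricata version string against the CVE-2024-32867 fixed versions."""
import re
import subprocess

# Fixed versions from the advisory, keyed by (major, minor) branch.
FIXED = {(6, 0): (6, 0, 19), (7, 0): (7, 0, 5)}

# Constructed sample of `suricata -V` output used for the stand-alone run.
SAMPLE_OUTPUT = "This is Suricata version 7.0.4 RELEASE\n"


def parse_version(text):
    """Extract (major, minor, patch) from `suricata -V` output or a bare version string."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no version found in {text!r}")
    return tuple(int(x) for x in m.groups())


def is_affected(version):
    """Return True if the version is in an affected range for CVE-2024-32867."""
    branch = version[:2]
    if branch in FIXED:
        return version < FIXED[branch]
    if version < (6, 0, 0):
        # Assumption: branches that predate both fixes are treated as affected.
        return True
    # Assumption: branches cut after 7.0.5 (e.g. later majors) carry the fix.
    return False


def installed_version(binary="suricata"):
    """Run `suricata -V` and parse its output; raises if the binary is not found."""
    out = subprocess.run([binary, "-V"], capture_output=True, text=True, check=True).stdout
    return parse_version(out)


if __name__ == "__main__":
    try:
        v = installed_version()
    except (FileNotFoundError, subprocess.CalledProcessError):
        v = parse_version(SAMPLE_OUTPUT)  # fall back to the constructed sample
    print("Suricata", ".".join(map(str, v)), "affected" if is_affected(v) else "not affected")
```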
