CVE-2024-38534
Suricata modbus: txs without responses are never freed
In short
Suricata can accumulate unlimited resources when processing specially crafted Modbus network traffic, potentially causing the system to run out of memory or become unresponsive. This happens because incomplete Modbus requests are not properly cleaned up.
Technical detail
Suricata's Modbus parser fails to free transaction structures (txs) when responses are absent, allowing an attacker to send crafted Modbus traffic that triggers unbounded resource accumulation within a flow. The vulnerability is mitigated by limiting stream.reassembly.depth; fixed in version 7.0.6.
Summary generated and translated by AI from the official description.
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Crafted modbus traffic can lead to unlimited resource accumulation within a flow. Upgrade to 7.0.6. Set a limited stream.reassembly.depth to reduce the issue.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
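A check for the upgrade and mitigation described above, as an added example that is not part of the advisory or of Suricata's own tooling. It reads the text printed by `suricata -V` and `suricata --dump-config`. The function names and result labels are made up for illustration, the sample input is constructed, and it assumes every release below 7.0.6 is unpatched.

```sh
#!/bin/sh
# Added example (not from the advisory): classify a sensor for CVE-2024-38534
# from the text printed by `suricata -V` and `suricata --dump-config`.
FIXED=7.0.6   # fixed release named on this page

# version_lt A B: succeeds when X.Y.Z version A is lower than B.
version_lt() {
    _ifs=$IFS; IFS=.
    set -- $1 $2                      # -> a1 a2 a3 b1 b2 b3
    IFS=$_ifs
    [ "$1" -ne "$4" ] && { [ "$1" -lt "$4" ]; return; }
    [ "$2" -ne "$5" ] && { [ "$2" -lt "$5" ]; return; }
    [ "$3" -lt "$6" ]
}

# classify VERSION_TEXT CONFIG_DUMP: prints fixed, reduced, exposed or unknown.
classify() {
    ver=$(printf '%s\n' "$1" |
        sed -nE 's/^[^0-9]*([0-9]+\.[0-9]+\.[0-9]+).*/\1/p' | head -n 1)
    [ -n "$ver" ] || { echo unknown; return 0; }
    # Assumption: any release below 7.0.6 is treated as unpatched.
    version_lt "$ver" "$FIXED" || { echo fixed; return 0; }
    depth=$(printf '%s\n' "$2" |
        sed -nE 's/^stream\.reassembly\.depth[[:space:]]*=[[:space:]]*//p' | head -n 1)
    num=${depth%%[!0-9.]*}            # numeric part of values such as "1mb"
    case "$num" in
        "")      echo unknown ;;      # key missing or not a size
        *[1-9]*) echo reduced ;;      # bounded depth: the page's mitigation
        *)       echo exposed ;;      # 0 = unlimited reassembly
    esac
}

# Constructed sample input in the format the two commands print.
SAMPLE_VERSION='This is Suricata version 7.0.5 RELEASE'
SAMPLE_CONFIG='stream.memcap = 64mb
stream.reassembly.depth = 0
app-layer.protocols.modbus.enabled = yes'

echo "sample sensor: $(classify "$SAMPLE_VERSION" "$SAMPLE_CONFIG")"
# On a sensor: classify "$(suricata -V)" "$(suricata --dump-config)"
```

A result of `reduced` means only that a finite reassembly depth is configured; the upgrade to 7.0.6 is still the fix.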
Affected products
OISF · suricata