#VU102514 Input validation error in Suricata - CVE-2024-55629

Cybersecurity Help s.r.o.

Published: 2025-01-10

Vulnerability identifier: #VU102514

Vulnerability risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-55629

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Suricata
Server applications / IDS/IPS systems, Firewalls and proxy servers

Vendor: Open Information Security Foundation

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect handling of TCP streams with TCP urgent data (out of band data), which can lead to Suricata analyzing data differently than the applications at the TCP endpoints. A remote attacker can bypass generic detection when using TCP urgent support.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Suricata: 7.0.0 - 7.0.7

External links
https://github.com/OISF/suricata/commit/6882bcb3e51bd3cf509fb6569cc30f48d7bb53d7
https://github.com/OISF/suricata/commit/779f9d8ba35c3f9b5abfa327d3a4209861bd2eb8
https://github.com/OISF/suricata/security/advisories/GHSA-69wr-vhwg-84h2
https://redmine.openinfosecfoundation.org/issues/7411

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Kaspersky IoT Secure Gateway Network Protector

Multiple vulnerabilities in Kaspersky Anti Targeted Attack Server

Fedora EPEL 8 update for suricata

Fedora 40 update for suricata

Fedora EPEL 9 update for suricata

Fedora 41 update for suricata

Multiple vulnerabilities in Suricata