CVE-2024-55627

EUVD-2024-52825
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, a specially crafted TCP stream can lead to a very large buffer overflow while being zero-filled during initialization with memset due to an unsigned integer underflow. The issue has been addressed in Suricata 7.0.8.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.9 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
GitHub_MCNA
5.9 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 36%
Affected Products (NVD)
VendorProductVersion
oisfsuricata
𝑥
< 7.0.8
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
suricata
bookworm
no-dsa
bullseye
vulnerable
bullseye (security)
vulnerable
forky
1:8.0.2-1
fixed
sid
1:8.0.2-1
fixed
trixie
1:7.0.10-1+deb13u1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
suricata
bionic
needs-triage
focal
dne
jammy
needs-triage
noble
needs-triage
oracular
ignored
plucky
not-affected
questing
not-affected
xenial
needs-triage
Common Weakness Enumeration
References
https://github.com/OISF/suricata/commit/282509f70c4ce805098e59535af445362e3e9ebd
https://github.com/OISF/suricata/commit/8900041405dbb5f9584edae994af2100733fb4be
https://github.com/OISF/suricata/commit/9a53ec43b13f0039a083950511a18bf6f408e432
https://github.com/OISF/suricata/security/advisories/GHSA-h2mv-7gg8-8x7v
https://redmine.openinfosecfoundation.org/issues/7393