CVE-2024-32664
Published 2024-05-07
CVE-2024-32664: Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, specially…
Priority: P3 43, high
CVSS 3.1: 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
EPSS: 0.86% (53.9th percentile)
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, specially crafted traffic or datasets can cause a limited buffer overflow. This vulnerability is fixed in 7.0.5 and 6.0.19. Workarounds include not using rules that have the `base64_decode` keyword with the `bytes` option set to 1, 2 or 5 and, for 7.0.x, setting `app-layer.protocols.smtp.mime.body-md5` to false.
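A rule-set audit for the first workaround above, as an added example (not code from Suricata or from this page): it lists enabled rules whose `base64_decode` keyword uses `bytes` 1, 2 or 5, and checks a version string against the fixed releases named here. The function names and sample rules are constructed; it assumes one rule per line and plain `x.y.z` version strings, and it does not inspect the `body-md5` setting.

```python
import re

# Values of the base64_decode `bytes` option named in the advisory workaround.
RISKY_BYTES = {1, 2, 5}
# Fixed release per major branch, taken from the advisory text.
FIXED = {6: (6, 0, 19), 7: (7, 0, 5)}

# Matches base64_decode with options, e.g. "base64_decode:bytes 4, relative;"
B64_RE = re.compile(r"base64_decode\s*:\s*([^;]*);")
BYTES_RE = re.compile(r"\bbytes\s+(\d+)")
SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")


def is_affected(version):
    """True if a 6.0.x / 7.0.x version string predates the fixed release."""
    parts = tuple(int(p) for p in version.split(".")[:3])
    fixed = FIXED.get(parts[0])
    return fixed is not None and parts < fixed


def risky_rules(rules_text):
    """Return [(line_no, sid, bytes_value)] for enabled rules to disable."""
    hits = []
    for line_no, line in enumerate(rules_text.splitlines(), start=1):
        rule = line.strip()
        if not rule or rule.startswith("#"):  # blank or already disabled
            continue
        sid = SID_RE.search(rule)
        for opts in B64_RE.findall(rule):
            m = BYTES_RE.search(opts)
            if m and int(m.group(1)) in RISKY_BYTES:
                hits.append((line_no, int(sid.group(1)) if sid else None, int(m.group(1))))
    return hits


# Constructed sample rules (not from any real rule set).
SAMPLE_RULES = '''\
alert http any any -> any any (msg:"ok"; content:"a="; base64_decode:bytes 16, offset 0, relative; base64_data; content:"x"; sid:1000001; rev:1;)
alert http any any -> any any (msg:"risky"; content:"b="; base64_decode:bytes 5, relative; base64_data; content:"y"; sid:1000002; rev:1;)
# alert http any any -> any any (msg:"disabled"; base64_decode:bytes 2; sid:1000003; rev:1;)
alert tcp any any -> any any (msg:"risky 2"; content:"c"; base64_decode:bytes 1; sid:1000004; rev:1;)
alert tcp any any -> any any (msg:"no opts"; content:"d"; base64_decode; sid:1000005; rev:1;)
'''

if __name__ == "__main__":
    for line_no, sid, n in risky_rules(SAMPLE_RULES):
        print(f"line {line_no}: sid {sid} uses base64_decode bytes {n}")
    print("7.0.4 affected:", is_affected("7.0.4"))
```

Rules it reports can be commented out or disabled by SID until the sensor runs 6.0.19 or 7.0.5.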
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | suricata | < suricata 1:7.0.5-1 (forky) | suricata 1:7.0.5-1 (forky) |
| oisf | suricata | — | — |
| oisf | suricata | — | — |
| oisf | suricata | >= 0 < 1:7.0.5-1 | 1:7.0.5-1 |
| oisf | suricata | >= 0 < 1:7.0.5-1 | 1:7.0.5-1 |
| oisf | suricata | >= 6.0.0 < 6.0.19 | 6.0.19 |
| oisf | suricata | >= 7.0.0 < 7.0.5 | 7.0.5 |
CVSS provenance
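| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.3 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
| osv | — | 7.3 | HIGH | — |
| vendor_debian | — | 5.3 | MEDIUM | — |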
Debian
CVE-2024-32664: suricata - Suricata is a network Intrusion Detection System, Intrusion Prevention System an...
vendor_debian·2024·CVSS 5.3
Scope: local
bookworm: open
bullseye: open
forky: resolved (fixed in 1:7.0.5-1)
sid: resolved (fixed in 1:7.0.5-1)
trixie: resolved (fixed in 1:7.0.5-1)
OSV
CVE-2024-32664: Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine
osv·2024-05-07·CVSS 7.3
No detection rules found.
No public exploits indexed.
Securelist
Memory corruption vulnerabilities in Suricata and FreeRDP
blogs_securelist·2024-08-22·CVSS 9.8
CVE-2024-32664 [CRITICAL] Memory corruption vulnerabilities in Suricata and FreeRDP
Table of Contents
- Open-source components in KasperskyOS-based products
- CVE-2024-32664: out-of-bounds write in Suricata
- FreeRDP vulnerabilities
  - CVE-2024-32041
  - CVE-2024-32039
  - CVE-2024-32040
  - CVE-2024-32458
  - CVE-2024-32459
  - CVE-2024-32460
- Disclosure timeline
- Conclusion
Authors
- Dmitry Shmoylov
- Evgeny Legerov
- Denis Skvortsov
As a cybersecurity company, before we release our products, we perform penetration tests on them to make sure they are secure. Recently, new versions of KasperskyOS-based products were released, namely Kaspersky Thin Client (KTC) and Kaspersky IoT Secure Gateway (KISG). As part of the pre-release penetration testing, we analyzed two open-source components used in these products, namely Suricata and FreeRDP projects, and discovered several vulnerabilities, which
Securelist
Kaspersky found multiple memory corruptions in Suricata and FreeRDP
blogs_securelist·2024-08-22·CVSS 9.8
CVE-2024-32664 [CRITICAL] Kaspersky found multiple memory corruptions in Suricata and FreeRDP
As a cybersecurity company, before we release our products, we perform penetration tests on them to make sure they are secure. Recently, new versions of KasperskyOS-based products were released, namely Kaspersky Thin Client (KTC) and Kaspersky IoT Secure Gateway (KISG). As part of the pre-release penetration testing, we analyzed two open-source components used in these products, namely Suricata and FreeRDP projects, and discovered several vulnerabilities, which we reported to the developers of the corresponding libraries, as well as sharing the
- https://github.com/OISF/suricata/commit/311002baf288a225f62cf18a90c5fdd294447379
- https://github.com/OISF/suricata/commit/d5ffecf11ad2c6fe89265e518f5d7443caf26ba4
- https://github.com/OISF/suricata/security/advisories/GHSA-79vh-hpwq-3jh7
Published 2024-05-07