cbcvebase.
CVE-2024-3382
published 2024-04-10

CVE-2024-3382: A memory leak exists in Palo Alto Networks PAN-OS software that enables an attacker to send a burst of crafted packets through the firewall that eventually…

PriorityP341high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
EPSS
0.92%
55.9th percentile
A memory leak exists in Palo Alto Networks PAN-OS software that enables an attacker to send a burst of crafted packets through the firewall that eventually prevents the firewall from processing traffic. This issue applies only to PA-5400 Series devices that are running PAN-OS software with the SSL Forward Proxy feature enabled.

Affected

10 ranges
VendorProductVersion rangeFixed in
palo_alto_networkspan-os>= 10.2.0 < 10.2.7-h310.2.7-h3
palo_alto_networkspan-os>= 11.0.0 < 11.0.411.0.4
palo_alto_networkspan-os>= 11.1.0 < 11.1.211.1.2
paloaltocloud_ngfw
paloaltopan-os
paloaltoprisma_access
paloaltonetworkspan-os
paloaltonetworkspan-os>= 10.2.0 < 10.2.710.2.7
paloaltonetworkspan-os>= 11.0.0 < 11.0.411.0.4
paloaltonetworkspan-os>= 11.1.0 < 11.1.211.1.2
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.