CVE-2024-55629Incomplete Model of Endpoint Features in Suricata

CWE-437Incomplete Model of Endpoint FeaturesCWE-436Interpretation Conflict4 documents4 sources
Severity
7.5HIGHNVD
EPSS
0.7%
top 29.12%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Oisf Suricata
Timeline
PublishedJan 6

Description

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, TCP streams with TCP urgent data (out of band data) can lead to Suricata analyzing data differently than the applications at the TCP endpoints, leading to possible evasions. Suricata 7.0.8 includes options to allow users to configure how to handle TCP urgent data. In IPS mode, you can use a rule such as drop tcp any any -> any any (sid:1; tcp.flags:U*;) to drop al

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

CVEListV5oisf/suricata< 7.0.8
NVDoisf/suricata< 7.0.8
Debianoisf/suricata< 1:7.0.8-1+1

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

2
OSV
CVE-2024-55629: Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine2025-01-06
CVEList
Suricata generic detection bypass using TCP urgent support2025-01-06

📋Vendor Advisories

1
Debian
CVE-2024-55629: suricata - Suricata is a network Intrusion Detection System, Intrusion Prevention System an...2024
CVE-2024-55629 — Incomplete Model of Endpoint Features | cvebase