
Bug 939049 (CVE-2024-37151, CVE-2024-38534, CVE-2024-38535, CVE-2024-38536)

Summary: net-analyzer/suricata: multiple vulnerabilities
Product: Gentoo Security
Reporter: Filip Kobierski <fkobi>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: UNCONFIRMED ---
Severity: normal
CC: maintainer-needed
Priority: Normal
Keywords: PullRequest
Version: unspecified
Hardware: All
OS: Linux
URL: https://forum.suricata.io/t/suricata-7-0-6-and-6-0-20-released/4728
Whiteboard: B3 [ebuild]
Package list:
Runtime testing required: ---

Description Filip Kobierski 2024-09-04 12:49:12 UTC
CVE-2024-37151

Mishandling of multiple fragmented packets using the same IP ID value can lead to packet reassembly failure, which can lead to policy bypass.

CVE-2024-38534

Crafted modbus traffic can lead to unlimited resource accumulation within a flow.

CVE-2024-38535

Suricata can run out of memory when parsing crafted HTTP/2 traffic.

CVE-2024-38536

A memory allocation failure due to `http.memcap` being reached leads to a NULL-ptr reference leading to a crash.

My PR

I have created a pull request adding 7.0.6, which is said to be safe from those:
https://github.com/gentoo/gentoo/pull/38398
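As an added example (not part of the bug report or the Gentoo pull request), the following script checks whether an installed Suricata is at or above the version the report names as fixed. The only fixed version it knows is 7.0.6 for the 7.0 branch, because that is the only one the report states; the mapping is constructed and would need the 6.x branch added from the upstream advisory. It accepts the `suricata -V` banner, a Gentoo package atom such as `net-analyzer/suricata-7.0.5-r1`, or a bare version string, all of which are constructed sample inputs here.

```python
import re
from typing import Dict, Optional, Tuple

Version = Tuple[int, int, int]

# Fixed versions per release branch. Only 7.0.6 is taken from the bug report;
# this mapping is constructed for the example and is not complete.
FIXED_VERSIONS: Dict[str, Version] = {
    "7.0": (7, 0, 6),
}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Optional[Version]:
    """Extract the first X.Y.Z version from a banner, package atom or bare string.

    Works for 'This is Suricata version 7.0.6 RELEASE',
    'net-analyzer/suricata-7.0.5-r1' and '7.0.6'. Gentoo revision suffixes
    (-r1) are ignored because they do not change the upstream version.
    """
    m = _VERSION_RE.search(text)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3)))


def is_fixed(version: Version) -> Optional[bool]:
    """Return True if the version is at or above the known fix for its branch,
    False if below it, None if the branch is not in FIXED_VERSIONS."""
    branch = f"{version[0]}.{version[1]}"
    fixed = FIXED_VERSIONS.get(branch)
    if fixed is None:
        return None
    return version >= fixed


def check(text: str) -> Dict[str, object]:
    """Combine parsing and comparison into one report dict."""
    version = parse_version(text)
    if version is None:
        return {"input": text, "version": None, "fixed": None}
    return {"input": text, "version": version, "fixed": is_fixed(version)}


if __name__ == "__main__":
    # Constructed sample inputs; real checks would feed `suricata -V` output
    # or `qlist -Iv net-analyzer/suricata` here.
    for sample in (
        "This is Suricata version 7.0.6 RELEASE",
        "net-analyzer/suricata-7.0.5-r1",
        "6.0.19",
    ):
        print(check(sample))
```

A `None` result means the branch is not covered by the table, not that the version is safe; treat it as "consult the advisory" rather than "fixed".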