939049 – (CVE-2024-37151, CVE-2024-38534, CVE-2024-38535, CVE-2024-38536) net-analyzer/suricata: multiple vulnerabilities

Bug 939049 (CVE-2024-37151, CVE-2024-38534, CVE-2024-38535, CVE-2024-38536) - net-analyzer/suricata: multiple vulnerabilities

Summary: net-analyzer/suricata: multiple vulnerabilities

Status:	UNCONFIRMED

Alias:	CVE-2024-37151, CVE-2024-38534, CVE-2024-38535, CVE-2024-38536

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Security

URL:	https://forum.suricata.io/t/suricata-...
Whiteboard:	B3 [ebuild]
Keywords:	PullRequest

Depends on:
Blocks:

Reported:	2024-09-04 12:49 UTC by Filip Kobierski
Modified:	2024-09-05 06:37 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Filip Kobierski 2024-09-04 12:49:12 UTC

CVE-2024-37151

Mishandling of multiple fragmented packets using the same IP ID value can lead to packet reassembly failure, which can lead to policy bypass.



CVE-2024-38534

Crafted modbus traffic can lead to unlimited resource accumulation within a flow.



CVE-2024-38535

Suricata can run out of memory when parsing crafted HTTP/2 traffic.



CVE-2024-38536

A memory allocation failure due to `http.memcap` being reached leads to a NULL-ptr reference leading to a crash.



My PR

I have created a pull request adding 7.0.6, which is said to be safe from those:
https://github.com/gentoo/gentoo/pull/38398