What is the severity of CVE-2024-37151?

CVE-2024-37151 has a high severity rating due to its potential for policy bypass in network security.

How do I fix CVE-2024-37151?

To fix CVE-2024-37151, upgrade to Suricata version 7.0.6 or 6.0.20 or later.

What causes CVE-2024-37151?

CVE-2024-37151 is caused by the mishandling of multiple fragmented packets with the same IP ID value.

Which versions of Suricata are affected by CVE-2024-37151?

CVE-2024-37151 affects Suricata versions prior to 7.0.6 and those between 6.0.0 and 6.0.20.

What can happen if CVE-2024-37151 is exploited?

If exploited, CVE-2024-37151 can lead to packet reassembly failure, allowing policies to be bypassed.

Vulnerability/
CVE-2024-37151

high

7.5

CWE

754

11/7/2024

2/8/2024

CVE-2024-37151: Suricata defrag: IP ID reuse can lead to policy bypass

First published: Thu Jul 11 2024(Updated: )

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Mishandling of multiple fragmented packets using the same IP ID value can lead to packet reassembly failure, which can lead to policy bypass. Upgrade to 7.0.6 or 6.0.20. When using af-packet, enable `defrag` to reduce the scope of the problem.

Credit: security-advisories@github.com

Affected Software	Affected Version	How to fix
OISF Suricata	>=6.0.0<6.0.20
OISF Suricata	>=7.0.0<7.0.6

Remedy

https://github.com/OISF/suricata/commit/9d5c4273cb7e5ca65f195f7361f0d848c85180e0

Remedy

https://github.com/OISF/suricata/commit/aab7f35c76721df19403a7c0c0025feae12f3b6b

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-37151?
CVE-2024-37151 has a high severity rating due to its potential for policy bypass in network security.
How do I fix CVE-2024-37151?
To fix CVE-2024-37151, upgrade to Suricata version 7.0.6 or 6.0.20 or later.
What causes CVE-2024-37151?
CVE-2024-37151 is caused by the mishandling of multiple fragmented packets with the same IP ID value.
Which versions of Suricata are affected by CVE-2024-37151?
CVE-2024-37151 affects Suricata versions prior to 7.0.6 and those between 6.0.0 and 6.0.20.
What can happen if CVE-2024-37151 is exploited?
If exploited, CVE-2024-37151 can lead to packet reassembly failure, allowing policies to be bypassed.

agent/weakness
agent/references
agent/title
agent/first-publish-date
agent/description
agent/type
agent/author
agent/event
agent/severity
agent/remedy
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/source
agent/tags
agent/softwarecombine
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/oisf
canonical/oisf suricata
version/oisf suricata/6.0.0
version/oisf suricata/7.0.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.