Description
There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:
- Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security
Monitoring engine. Prior to 7.0.8, a large input buffer to the to_lowercase, to_uppercase,
strip_whitespace, compress_whitespace, dotprefix, header_lowercase, strip_pseudo_headers, url_decode, or
xor transform can lead to a stack overflow causing Suricata to crash. The issue has been addressed in
Suricata 7.0.8. (CVE-2024-55605)
- Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security
Monitoring engine. Prior to 7.0.8, a large BPF filter file provided to Suricata at startup can lead to a
buffer overflow at Suricata startup. The issue has been addressed in Suricata 7.0.8. (CVE-2024-55626)
- Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security
Monitoring engine. Prior to 7.0.8, a specially crafted TCP stream can lead to a very large buffer overflow
while being zero-filled during initialization with memset due to an unsigned integer underflow. The issue
has been addressed in Suricata 7.0.8. (CVE-2024-55627)
- Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security
Monitoring engine. Prior to version 7.0.8, DNS resource name compression can lead to small DNS messages
containing very large hostnames which can be costly to decode, and lead to very large DNS log records.
While there are limits in place, they were too generous. The issue has been addressed in Suricata 7.0.8.
(CVE-2024-55628)
- Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security
Monitoring engine. Prior to 7.0.8, TCP streams with TCP urgent data (out of band data) can lead to
Suricata analyzing data differently than the applications at the TCP endpoints, leading to possible
evasions. Suricata 7.0.8 includes options to allow users to configure how to handle TCP urgent data. In
IPS mode, you can use a rule such as drop tcp any any -> any any (sid:1; tcp.flags:U*;) to drop all the
packets with urgent flag set. (CVE-2024-55629)
Plugin Details
Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security
Risk Information
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:N
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
Exploit Ease: No known exploits are available
Vulnerability Publication Date: 1/6/2025