Vulnerability Description
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Mishandling of multiple fragmented packets using the same IP ID value can lead to packet reassembly failure, which can lead to policy bypass. Upgrade to 7.0.6 or 6.0.20. When using af-packet, enable `defrag` to reduce the scope of the problem.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Oisf | Suricata | >= 6.0.0, < 6.0.20 |
Related Weaknesses (CWE)
References
- https://github.com/OISF/suricata/commit/9d5c4273cb7e5ca65f195f7361f0d848c85180e0Patch
- https://github.com/OISF/suricata/commit/aab7f35c76721df19403a7c0c0025feae12f3b6bPatch
- https://github.com/OISF/suricata/security/advisories/GHSA-qrp7-g66m-px24Vendor Advisory
- https://redmine.openinfosecfoundation.org/issues/7041Issue Tracking
- https://redmine.openinfosecfoundation.org/issues/7042Issue Tracking
- https://github.com/OISF/suricata/commit/9d5c4273cb7e5ca65f195f7361f0d848c85180e0Patch
- https://github.com/OISF/suricata/commit/aab7f35c76721df19403a7c0c0025feae12f3b6bPatch
- https://github.com/OISF/suricata/security/advisories/GHSA-qrp7-g66m-px24Vendor Advisory
- https://lists.debian.org/debian-lts-announce/2025/03/msg00029.html
- https://redmine.openinfosecfoundation.org/issues/7041Issue Tracking
- https://redmine.openinfosecfoundation.org/issues/7042Issue Tracking
FAQ
What is CVE-2024-37151?
CVE-2024-37151 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Mishandling of multiple fragmented packets using the same IP ID value can lead to...
How severe is CVE-2024-37151?
CVE-2024-37151 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-37151?
Check the references section above for vendor advisories and patch information. Affected products include: Oisf Suricata.