Jason Ish

17 exploits. Active since Mar 2017.
CVE-2024-23836 HIGH
Suricata < 6.0.16 / < 7.0.3 - Denial of Service via Resource Exhaustion
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to versions 6.0.16 and 7.0.3, an attacker can craft traffic that makes Suricata spend far more CPU and memory on processing it than the traffic warrants, which can lead to extreme slowdowns and denial of service. This vulnerability is patched in 6.0.16 and 7.0.3. Workarounds: disable the affected protocol's app-layer parser in the yaml; reducing the `stream.reassembly.depth` value also helps limit the severity of the issue.
CVSS 7.5
CVE-2024-32867 MEDIUM
Suricata < 6.0.19 / < 7.0.5 - Rule and Policy Mis-detection via Fragmentation Anomaly Handling
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, various problems in the handling of fragmentation anomalies can lead to rules and policy mis-detecting traffic. This vulnerability is fixed in 7.0.5 and 6.0.19.
CVSS 5.3
CVE-2023-35852 HIGH
Suricata < 6.0.13 - Path Traversal and Arbitrary File Write via Dataset Filename
In Suricata before 6.0.13, when an adversary controls an external source of rules, a dataset filename taken from a rule may trigger absolute or relative directory traversal and lead to write access to the local filesystem. This is addressed in 6.0.13 by requiring `allow-absolute-filenames` and `allow-write` (in the `datasets.rules` configuration section) to be enabled if an installation needs traversal or writing in this situation.
CVSS 7.5
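The check that the 6.0.13 fix gates behind those two settings, written out as an added example (Python, not Suricata's own code): a filename taken from a rule is resolved against an assumed data directory `/var/lib/suricata/data`, and both names that leave that directory and datasets that want to write are rejected unless the matching knob is on. The filenames in `RULE_SUPPLIED` are constructed for the example.

```python
import posixpath

DATA_DIR = "/var/lib/suricata/data"   # assumed dataset directory for this example


class DatasetPolicyError(ValueError):
    """A rule asked for a dataset file the local policy does not permit."""


def resolve_dataset_path(data_dir, filename, want_write=False,
                         allow_absolute_filenames=False, allow_write=False):
    """Resolve a dataset filename taken from a rule against data_dir.

    Models the two knobs the fix introduces (this is not Suricata's code):
      - absolute filenames, and relative ones that '..' out of data_dir,
        are rejected unless allow_absolute_filenames is set;
      - a dataset that saves state (want_write) is rejected unless allow_write is set.
    Returns the normalised path or raises DatasetPolicyError.
    The containment test is lexical; a data_dir containing symlinks would
    additionally need os.path.realpath() against the live filesystem.
    """
    base = posixpath.normpath(data_dir)
    if want_write and not allow_write:
        raise DatasetPolicyError("rule requests a writable dataset but allow-write is off")
    if posixpath.isabs(filename):
        if not allow_absolute_filenames:
            raise DatasetPolicyError(f"absolute dataset filename {filename!r} rejected")
        return posixpath.normpath(filename)
    full = posixpath.normpath(posixpath.join(base, filename))
    # The trailing "/" matters: "/data2/x" must not count as inside "/data".
    inside = full == base or full.startswith(base + "/")
    if not inside and not allow_absolute_filenames:
        raise DatasetPolicyError(f"dataset filename {filename!r} escapes {base}")
    return full


def is_permitted(filename, want_write=False, **policy):
    """True if the rule-supplied filename passes policy against DATA_DIR."""
    try:
        resolve_dataset_path(DATA_DIR, filename, want_write, **policy)
        return True
    except DatasetPolicyError:
        return False


# Constructed dataset filenames as they might arrive from an untrusted rule feed.
# want_write stands for a rule whose dataset keyword saves state to the file.
RULE_SUPPLIED = [
    ("blocklist.lst", False),               # normal, read-only
    ("feeds/../blocklist.lst", False),      # normalises back inside the data dir
    ("../../../../etc/cron.d/job", True),   # traversal plus write: the attack
    ("/etc/cron.d/job", True),              # absolute path plus write
    ("state/seen-ips.lst", True),           # in-dir write; still needs allow-write
]


def evaluate(policy):
    """Map each rule-supplied filename to its resolved path or a rejection reason."""
    verdicts = {}
    for name, want_write in RULE_SUPPLIED:
        try:
            verdicts[name] = resolve_dataset_path(DATA_DIR, name, want_write, **policy)
        except DatasetPolicyError as exc:
            verdicts[name] = f"REJECTED: {exc}"
    return verdicts


if __name__ == "__main__":
    for label, policy in (("default policy", {}),
                          ("allow-absolute-filenames + allow-write",
                           {"allow_absolute_filenames": True, "allow_write": True})):
        print(label)
        for name, verdict in evaluate(policy).items():
            print(f"  {name:30} -> {verdict}")
```

Under the default policy only the first two names resolve; the permissive policy resolves `../../../../etc/cron.d/job` to `/etc/cron.d/job`, which is exactly why it is off unless the rule source is trusted.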
CVE-2024-55628 HIGH
Suricata < 7.0.8 - Denial of Service via DNS Resource Name Compression
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.8, DNS resource name compression lets a small DNS message carry very large hostnames, which are costly to decode and produce very large DNS log records. Limits were in place, but they were too generous. The issue is addressed in Suricata 7.0.8.
CVSS 7.5
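To make the expansion concrete, here is an added example (Python, not Suricata's Rust DNS parser) of a name decoder with the limits that keep it bounded, fed a constructed message in which each name is one 63-byte label followed by a compression pointer to the previous name. The 255-byte cap is the RFC 1035 wire limit; the 16-pointer cap is an assumed value for the example.

```python
MAX_WIRE_NAME = 255     # RFC 1035 upper bound for a name on the wire, root label included
MAX_POINTERS = 16       # assumed cap on compression pointers followed per name


class DnsNameError(ValueError):
    """Malformed, looping, or oversized name."""


def read_name(msg, offset, max_wire_name=MAX_WIRE_NAME, max_pointers=MAX_POINTERS):
    """Decode the name starting at msg[offset], following compression pointers.

    Returns (name, end) where end is the offset just past the name in the
    stream the caller is walking (after the first pointer, if there is one).
    Three guards keep decoding bounded by the message rather than the attacker:
      - every pointer must target a byte strictly before the previous target
        (RFC 1035 pointers refer to a prior occurrence), which rules out loops;
      - at most max_pointers hops per name;
      - the uncompressed name may not exceed max_wire_name bytes.
    Pass max_wire_name=None to see what an uncapped decoder produces.
    """
    labels = []
    wire_len = 0          # size of the name if it were written without compression
    hops = 0
    limit = offset        # pointer targets must be < limit; tightened on every hop
    pos = offset
    end = None
    while True:
        if pos >= len(msg):
            raise DnsNameError("name runs past the end of the message")
        length = msg[pos]
        if length & 0xC0 == 0xC0:                       # compression pointer
            if pos + 1 >= len(msg):
                raise DnsNameError("truncated compression pointer")
            hops += 1
            if hops > max_pointers:
                raise DnsNameError(f"more than {max_pointers} compression pointers")
            target = ((length & 0x3F) << 8) | msg[pos + 1]
            if target >= limit:
                raise DnsNameError(f"pointer to {target} does not go strictly backwards")
            if end is None:
                end = pos + 2
            limit = target
            pos = target
            continue
        if length & 0xC0:
            raise DnsNameError("reserved label type")
        wire_len += 1 + length
        if max_wire_name is not None and wire_len > max_wire_name:
            raise DnsNameError(f"name exceeds {max_wire_name} bytes uncompressed")
        if length == 0:                                 # root label: done
            pos += 1
            break
        label = msg[pos + 1:pos + 1 + length]
        if len(label) != length:
            raise DnsNameError("truncated label")
        labels.append(label.decode("ascii", "replace"))
        pos += 1 + length
    return ".".join(labels), (end if end is not None else pos)


def build_chained_message(hops):
    """Constructed message: a zeroed 12-byte header, then hops+1 names. Name 0 is
    one 63-byte label and a root; each later name is one 63-byte label plus a
    pointer to the previous name, so the last name decodes to (hops+1)*64+1 wire
    bytes although the whole message is only 12+65+66*hops bytes."""
    label = bytes([63]) + b"a" * 63
    body = bytearray(label + b"\x00")
    offsets = [12]
    for _ in range(hops):
        prev = offsets[-1]
        offsets.append(12 + len(body))
        body += label + bytes([0xC0 | (prev >> 8), prev & 0xFF])
    return bytes(12) + bytes(body), offsets


def decode_last_name(hops, capped=True):
    """Decode the longest name; returns ('ok', name) or ('error', reason)."""
    msg, offsets = build_chained_message(hops)
    try:
        name, _ = read_name(msg, offsets[-1], max_wire_name=MAX_WIRE_NAME if capped else None)
        return "ok", name
    except DnsNameError as exc:
        return "error", str(exc)


def decode_all(hops, capped=True):
    """Decode every name in the message, as a logger would. Returns (total_chars,
    errors): without the cap the total grows quadratically in the message size."""
    msg, offsets = build_chained_message(hops)
    total, errors = 0, 0
    for off in offsets:
        try:
            name, _ = read_name(msg, off, max_wire_name=MAX_WIRE_NAME if capped else None)
            total += len(name)
        except DnsNameError:
            errors += 1
    return total, errors
```

With four hops the message is 341 bytes; uncapped, logging all five names emits 955 characters and the last name alone is 319, while the capped decoder stops at the fourth name. Every pointer in this message is a legal backwards pointer, so the loop check alone does not help; the size cap is what bounds the work and the log record.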
CVE-2026-22259 HIGH
Suricata < 7.0.14 / < 8.0.3 - Denial of Service via DNP3 Traffic Parsing
Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 and 7.0.14, specially crafted traffic can cause Suricata to consume large amounts of memory while parsing DNP3 traffic. This can lead to the process slowing down and running out of memory, potentially leading to it being killed by the OOM killer. Versions 8.0.3 and 7.0.14 contain a patch. As a workaround, disable the DNP3 parser in suricata.yaml (it is disabled by default).
CVSS 7.5
CVE-2017-7177 HIGH
Suricata < 3.2.1 - IPv4 Fragment Evasion via Missing Protocol Check
Suricata before 3.2.1 has an IPv4 defragmentation evasion issue caused by the lack of a check on the IP protocol during fragment matching: fragments that share source, destination and IP ID are matched together regardless of the transport protocol they carry.
CVSS 7.5
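Why a missing protocol check is an evasion rather than a cosmetic bug, as an added example (Python, a toy reassembler, not Suricata's defrag code): the same three constructed fragments are fed once to a tracker keyed on (src, dst, IP ID) and once to one that also keys on the protocol, the way an end host does. The decoy UDP fragment completes the datagram in the IDS's view with harmless bytes, while the host reassembles the real TCP payload.

```python
from collections import namedtuple

# One IPv4 fragment reduced to the fields that matter for reassembly.
# offset is in bytes (the 8-byte units already multiplied out); more is the MF flag.
Fragment = namedtuple("Fragment", "src dst ip_id proto offset more payload")

TCP, UDP = 6, 17


class Defragmenter:
    """Minimal reassembler. With key_includes_proto=False it reproduces the flaw
    class: fragments are matched on (src, dst, IP ID) only, so fragments of
    different transport protocols land in the same tracker."""

    def __init__(self, key_includes_proto):
        self.key_includes_proto = key_includes_proto
        self.trackers = {}

    def _key(self, frag):
        key = (frag.src, frag.dst, frag.ip_id)
        return key + (frag.proto,) if self.key_includes_proto else key

    def feed(self, frag):
        """Add a fragment; return (proto, payload) when a datagram completes, else None."""
        key = self._key(frag)
        tracker = self.trackers.setdefault(key, {"frags": {}, "total": None})
        frags = tracker["frags"]
        if frag.offset not in frags:          # first fragment seen at an offset wins
            frags[frag.offset] = frag
        if not frag.more:                     # the last fragment fixes the datagram length
            tracker["total"] = frag.offset + len(frag.payload)
        if tracker["total"] is None:
            return None
        parts, pos = [], 0
        for offset in sorted(frags):          # require a gap-free run from 0 to total
            if offset != pos:
                return None
            parts.append(frags[offset].payload)
            pos = offset + len(frags[offset].payload)
        if pos != tracker["total"]:
            return None
        del self.trackers[key]
        return frags[0].proto, b"".join(parts)


def run_scenario(key_includes_proto):
    """Feed the same three constructed fragments and return the datagrams that complete."""
    src, dst, ip_id = "10.0.0.1", "10.0.0.2", 0x1234
    frags = [
        Fragment(src, dst, ip_id, TCP, 0, True,  b"GET /ind"),   # real first fragment
        Fragment(src, dst, ip_id, UDP, 8, False, b"ex.html "),   # decoy: other protocol, same IP ID
        Fragment(src, dst, ip_id, TCP, 8, False, b"/etc/pw "),   # real last fragment
    ]
    defrag = Defragmenter(key_includes_proto)
    completed = []
    for frag in frags:
        result = defrag.feed(frag)
        if result is not None:
            completed.append(result)
    return completed


if __name__ == "__main__":
    print("IDS without protocol check:", run_scenario(False))
    print("host (protocol in key):    ", run_scenario(True))
```

The sensor without the protocol check reassembles `GET /index.html ` and discards the real last fragment because its tracker is already gone; the host reassembles `GET /ind/etc/pw `. Any rule written against the second string never fires on the first.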
CVE-2023-35853 CRITICAL
Suricata < 6.0.13 - Remote Code Execution via Lua Rules
In Suricata before 6.0.13, an adversary who controls an external source of Lua rules may be able to execute Lua code. This is addressed in 6.0.13 by disabling Lua in rules unless `allow-rules` is true in the `security.lua` configuration section.
CVSS 9.8
CVE-2025-29915 HIGH
Suricata < 7.0.9 - Truncated Packets and Loss of Visibility via AF_PACKET Defrag Option
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. The AF_PACKET defrag option is enabled by default and lets AF_PACKET reassemble fragmented packets before they reach Suricata. However, Suricata's default packet size is derived from the network interface MTU, so a reassembled datagram larger than the MTU reaches Suricata truncated. Upgrade to Suricata 7.0.9, which uses better defaults and warns about user configurations that may lead to this issue.
CVSS 7.5
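Several of the entries above (CVE-2023-35853, CVE-2023-35852, CVE-2026-22259, the CVE-2024-23836 workaround and this one) come down to settings in suricata.yaml. As an added example, not Suricata's own tooling, the following Python audits a parsed configuration for those knobs. The two configurations are constructed dicts shaped like what `yaml.safe_load` returns for a suricata.yaml; the `1mb` depth ceiling and the 65535-byte packet-size floor are this example's assumed thresholds, and `trusted_rule_sources` is an assumed flag for sites that author their own rules.

```python
import re


def truthy(value):
    """suricata.yaml mixes yes/no strings with real booleans (YAML 1.1 loaders
    also turn yes/no into bools), so accept both spellings."""
    if isinstance(value, bool):
        return value
    return str(value).strip().lower() in ("yes", "true", "on", "1")


_UNITS = {"": 1, "b": 1, "k": 1024, "kb": 1024,
          "m": 1024 ** 2, "mb": 1024 ** 2, "g": 1024 ** 3, "gb": 1024 ** 3}


def parse_size(value):
    """Parse Suricata size strings such as '1mb' or '64kb' (or a bare int) into bytes."""
    match = re.fullmatch(r"(\d+)\s*([kmg]?b?)", str(value).strip().lower())
    if not match:
        raise ValueError(f"unparseable size: {value!r}")
    return int(match.group(1)) * _UNITS[match.group(2)]


def lookup(cfg, dotted, default=None):
    """Walk a dotted key path through nested dicts; return default if any part is absent."""
    node = cfg
    for part in dotted.split("."):
        if not isinstance(node, dict) or part not in node:
            return default
        node = node[part]
    return node


def audit(cfg, trusted_rule_sources=False, max_depth="1mb", min_packet_size=65535):
    """Return findings for the settings the entries on this page mention.
    max_depth and min_packet_size are assumed thresholds, not project defaults."""
    findings = []
    if not trusted_rule_sources:
        if truthy(lookup(cfg, "security.lua.allow-rules", False)):
            findings.append("security.lua.allow-rules: Lua code in rule files is executed (CVE-2023-35853)")
        for knob in ("allow-absolute-filenames", "allow-write"):
            if truthy(lookup(cfg, f"datasets.rules.{knob}", False)):
                findings.append(f"datasets.rules.{knob}: rule-supplied dataset paths may leave "
                                f"the data dir or write files (CVE-2023-35852)")
    dnp3 = str(lookup(cfg, "app-layer.protocols.dnp3.enabled", "no")).lower()
    if truthy(dnp3) or dnp3 == "detection-only":
        findings.append("app-layer.protocols.dnp3.enabled: DNP3 parser on (default is off); "
                        "needs 7.0.14 / 8.0.3 (CVE-2026-22259)")
    depth = lookup(cfg, "stream.reassembly.depth")
    if depth is not None:
        depth_bytes = parse_size(depth)
        if depth_bytes == 0 or depth_bytes > parse_size(max_depth):   # 0 means unlimited
            findings.append(f"stream.reassembly.depth={depth}: a lower depth bounds per-flow "
                            f"work on crafted traffic (CVE-2024-23836 workaround)")
    packet_size = lookup(cfg, "default-packet-size")
    for iface in lookup(cfg, "af-packet", []) or []:
        if truthy(iface.get("defrag", True)):   # defrag is on by default, per the entry above
            if packet_size is None or parse_size(packet_size) < min_packet_size:
                findings.append(f"af-packet {iface.get('interface', '?')}: defrag on with "
                                f"default-packet-size={packet_size}; reassembled datagrams "
                                f"arrive truncated (CVE-2025-29915)")
    return findings


# Constructed: every knob set the risky way, default-packet-size left MTU-derived.
WEAK_CONFIG = {
    "af-packet": [{"interface": "eth0", "defrag": "yes"}],
    "security": {"lua": {"allow-rules": True}},
    "datasets": {"rules": {"allow-absolute-filenames": "yes", "allow-write": "yes"}},
    "app-layer": {"protocols": {"dnp3": {"enabled": "yes"}}},
    "stream": {"reassembly": {"depth": "0"}},
}

# Constructed: the same sections with the settings the entries above recommend.
HARDENED_CONFIG = {
    "default-packet-size": 65535,
    "af-packet": [{"interface": "eth0", "defrag": "yes"}],
    "security": {"lua": {"allow-rules": False}},
    "datasets": {"rules": {"allow-absolute-filenames": False, "allow-write": False}},
    "app-layer": {"protocols": {"dnp3": {"enabled": "no"}}},
    "stream": {"reassembly": {"depth": "1mb"}},
}

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"{name}: {len(audit(cfg))} finding(s)")
        for line in audit(cfg):
            print("  -", line)
```

On a real deployment replace the dicts with `yaml.safe_load(open("/etc/suricata/suricata.yaml"))`; none of the checks substitute for running a patched version, but they catch the configurations under which these issues are reachable at all.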