Description
Suricata is a network IDS, IPS and NSM engine. While saving a dataset, a stack buffer is used to prepare the data. Prior to versions 8.0.3 and 7.0.14, if the data in the dataset is too large, this can result in a stack overflow. Versions 8.0.3 and 7.0.14 contain a patch. As a workaround, do not use rules with the dataset `save` or `state` options.
A flaw was found in Suricata, a network intrusion detection/prevention system (IDS/IPS). When saving a dataset, the system uses a stack buffer to process the data. If an attacker provides excessively large data within a dataset, it can cause a stack overflow. This vulnerability could lead to a denial of service, making the system unavailable.
Report
The vulnerability in Suricata, rated as MODERATE, involves a stack overflow when saving a dataset if the data exceeds the allocated buffer size. This flaw affects Suricata versions prior to 8.0.3 and 7.0.14. Red Hat customers running affected versions of Suricata are impacted if their intrusion detection rules utilize the save or state options with datasets, which can lead to a denial of service.
Mitigation
To mitigate this issue, avoid using rules with the save or state options for datasets in Suricata configurations. Disabling these specific dataset options prevents the vulnerable code path from being exercised, thereby eliminating the risk of a stack overflow. A restart of the Suricata service may be required for the changes to take effect.
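An added example (not part of the advisory or of Suricata's own code) of auditing a rule set for the mitigation above: it lists active rules whose `dataset` keyword uses the `save` or `state` option. The sample rules, dataset names and file names are constructed, and the parser assumes one rule per line.

```python
import re

# One dataset keyword inside a rule: "dataset:<cmd>,<name>,<options>;"
DATASET_RE = re.compile(r'\bdataset\s*:\s*([^;]*);')
# Quoted strings (msg, content) are blanked so text inside them cannot match.
QUOTED_RE = re.compile(r'"(?:\\.|[^"\\])*"')
SID_RE = re.compile(r'\bsid\s*:\s*(\d+)')
# Options that make Suricata write the dataset out (the path named in the advisory).
WRITE_OPTS = {"save", "state"}

def dataset_write_options(rule):
    """Return [(dataset_name, option, filename)] for each save/state option in a rule."""
    hits = []
    for body in DATASET_RE.findall(QUOTED_RE.sub('""', rule)):
        parts = [p.strip() for p in body.split(",")]
        name = parts[1] if len(parts) > 1 else "?"
        for opt in parts[2:]:
            key, _, value = opt.partition(" ")
            if key.lower() in WRITE_OPTS:
                hits.append((name, key.lower(), value.strip()))
    return hits

def audit_rules(text):
    """Scan rules text; return [(line_no, sid, name, option, filename)] for active rules."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):  # skip blanks and disabled rules
            continue
        sid = SID_RE.search(line)
        for name, opt, fname in dataset_write_options(line):
            findings.append((no, int(sid.group(1)) if sid else None, name, opt, fname))
    return findings

# Constructed sample rules (not taken from the advisory).
SAMPLE_RULES = '''\
alert http any any -> any any (msg:"track UA"; http.user_agent; dataset:set,ua-seen,type string,save ua-seen.lst; sid:1000001; rev:1;)
alert dns any any -> any any (msg:"dns seen"; dns.query; dataset:set,dns-seen,type string,state dns-seen.lst,memcap 10mb; sid:1000002; rev:1;)
alert dns any any -> any any (msg:"blocklist"; dns.query; dataset:isset,dns-bl,type string,load dns-bl.lst; sid:1000003; rev:1;)
# alert http any any -> any any (msg:"disabled"; http.host; dataset:set,hosts,type string,save hosts.lst; sid:1000004; rev:1;)
'''

if __name__ == "__main__":
    for no, sid, name, opt, fname in audit_rules(SAMPLE_RULES):
        print(f"line {no}: sid {sid} dataset '{name}' uses {opt} {fname}")
```

Rules that only `load` a dataset are not reported, since the advisory names only the `save` and `state` options.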
Additional information
Status:
CVSS3: 5.9 Medium
Related vulnerabilities
A vulnerability in the Suricata intrusion detection and prevention system, related to a stack buffer overflow, that allows an attacker to cause a denial of service
CVSS3: 5.9 Medium