PT-2024-10010 · Suricata +2
Molenzwiebel +2
Published: 2024-12-12 · Updated: 2025-11-07
CVE-2024-55629
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:C/A:N
Name of the Vulnerable Software and Affected Versions
Suricata versions prior to 7.0.8
Description
The issue is related to Suricata's handling of TCP urgent data, which can lead to possible evasions due to differences in data analysis between Suricata and the applications at the TCP endpoints. This can potentially allow a remote attacker to impact the integrity of protected information. Suricata 7.0.8 includes options to configure how to handle TCP urgent data, mitigating the risk.
Recommendations
For versions prior to 7.0.8, consider updating to Suricata 7.0.8 to mitigate the risk.
In IPS mode, use a rule such as "drop tcp any any -> any any (sid:1; tcp.flags:U*;)" to drop all packets with the urgent flag set, as a temporary workaround until the issue is resolved.
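Before enabling a rule that drops every packet with the urgent flag set, it helps to know whether any legitimate traffic on the protected network uses that flag. The following Python is an added example, not part of the advisory or of Suricata: it parses raw TCP headers and lists the segments with URG set. The function names and the sample segments are constructed for illustration.

```python
import struct

URG = 0x20  # URG bit in the TCP flags byte

def build_segment(sport, dport, seq, flags, urg_ptr, payload=b""):
    """Build a minimal 20-byte TCP header plus payload (constructed test data)."""
    offset_flags = (5 << 12) | flags  # data offset = 5 words, no options
    header = struct.pack("!HHIIHHHH", sport, dport, seq, 0,
                         offset_flags, 65535, 0, urg_ptr)
    return header + payload

def parse_segment(segment):
    """Return the fields relevant to urgent-data handling, or None if malformed."""
    if len(segment) < 20:
        return None
    sport, dport, seq, _ack, off_flags, _win, _csum, urg_ptr = struct.unpack(
        "!HHIIHHHH", segment[:20])
    header_len = (off_flags >> 12) * 4
    if header_len < 20 or header_len > len(segment):
        return None
    return {"sport": sport, "dport": dport, "seq": seq,
            "urg": bool(off_flags & URG), "urg_ptr": urg_ptr,
            "payload_len": len(segment) - header_len}

def audit(segments):
    """List (index, destination port, note) for URG or unparseable segments."""
    findings = []
    for index, raw in enumerate(segments):
        seg = parse_segment(raw)
        if seg is None:
            findings.append((index, None, "truncated or malformed header"))
        elif seg["urg"]:
            note = (f"URG set, urgent pointer {seg['urg_ptr']}, "
                    f"payload {seg['payload_len']} bytes")
            findings.append((index, seg["dport"], note))
    return findings

# Constructed sample segments (not captured traffic)
SAMPLES = [
    build_segment(40000, 80, 1000, 0x18, 0, b"GET / HTTP/1.1\r\n"),  # PSH+ACK
    build_segment(40001, 23, 2000, 0x38, 1, b"!!"),                  # URG+PSH+ACK
    build_segment(40002, 80, 3000, 0x10, 0)[:12],                    # truncated header
]

if __name__ == "__main__":
    for finding in audit(SAMPLES):
        print(finding)
```

Grouping the findings by destination port shows which services, if any, would be affected by dropping urgent-flagged packets.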
Affected Products
Alt Linux
Debian
Suricata