PT-2024-27336 · Suricata+2 · Suricata+2

Léopold Ouairy

Published

2024-07-11

Updated

2025-11-07

CVE-2024-37151

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Suricata versions prior to 6.0.20 Suricata versions prior to 7.0.6

Description Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Mishandling of multiple fragmented packets using the same IP ID value can lead to packet reassembly failure, which can lead to policy bypass.

Recommendations Upgrade to 7.0.6 or 6.0.20. When using af-packet, enable defrag to reduce the scope of the problem.

Exploit

Fix

Improper Check for Exceptional Conditions

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-754

Related Identifiers

ALT-PU-2025-14099

CVE-2024-37151

DLA-4103-1

GHSA-QRP7-G66M-PX24

MGASA-2024-0306

OPENSUSE-SU-2025:15394-1

ROSA-SA-2025-2578

Affected Products

Alt Linux

Debian

Suricata

PT-2024-27336 · Suricata+2 · Suricata+2

CVE-2024-37151

Weakness Enumeration

Related Identifiers

Affected Products

References · 55