CVE-2024-32664

Suricata's base64 contains an out of bounds write

CVSS 5.3 MEDIUM · EPSS 0.9% · CWE-120 · CWE-122
In short

Suricata's base64 decoder has a buffer overflow vulnerability when processing specially crafted network data, potentially allowing an attacker to crash the system or execute unintended code during traffic inspection.

Technical detail

A stack-based buffer overflow exists in Suricata's base64_decode implementation when the `bytes` option is set to 1, 2, or 5. It is triggered by maliciously crafted traffic or datasets that are processed through rules using this keyword combination, and it affects versions before 7.0.5 and 6.0.19.

Summary generated and translated by AI from the official description.
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, specially crafted traffic or datasets can cause a limited buffer overflow. This vulnerability is fixed in 7.0.5 and 6.0.19. Workarounds include not using rules with the `base64_decode` keyword with the `bytes` option set to 1, 2 or 5 and, for 7.0.x, setting `app-layer.protocols.smtp.mime.body-md5` to false.
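The first workaround is something an operator can check for across a ruleset. The following script is an added example, not code from the Suricata project or from this advisory: it scans rule lines for the `base64_decode` keyword (Suricata's documented syntax is `base64_decode:bytes <value>, offset <value>, relative;`) and reports rules whose `bytes` value is 1, 2 or 5, and it compares an engine version against the fixed releases 7.0.5 and 6.0.19. It assumes one rule per line, that only the 6.0.x and 7.0.x lines are considered for the version check, and uses constructed sample rules; the `sid` values and rule bodies are made up for the demonstration.

```python
"""Audit Suricata rule files for CVE-2024-32664 exposure.

Added example (not Suricata project code). Flags rules that use the
`base64_decode` keyword with a `bytes` option of 1, 2 or 5, the combination
the advisory names as the trigger, and checks whether an engine version
predates the fixed releases 7.0.5 / 6.0.19.
"""
import re

# Fixed releases per the advisory: 6.0.19 for the 6.0.x line, 7.0.5 for 7.0.x.
# Assumption: other release lines are not evaluated by this script.
FIXED_VERSIONS = {(6, 0): (6, 0, 19), (7, 0): (7, 0, 5)}

# `bytes` values the advisory identifies as reaching the overflow.
RISKY_BYTES = {1, 2, 5}

# Matches the keyword with or without options, e.g.
#   base64_decode;                              -> no options
#   base64_decode:bytes 1, offset 2, relative;  -> options captured in group 1
KEYWORD_RE = re.compile(r"base64_decode\s*(?::\s*([^;]*))?;")
BYTES_RE = re.compile(r"\bbytes\s+(\d+)")


def parse_version(text):
    """'7.0.4' -> (7, 0, 4). Anything after the third component is ignored."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in m.groups())


def is_vulnerable_version(version):
    """True if the version is on an affected line and is below the fix."""
    v = parse_version(version)
    fixed = FIXED_VERSIONS.get(v[:2])
    return fixed is not None and v < fixed


def risky_bytes_values(rule):
    """Set of risky `bytes` values used by base64_decode in one rule line."""
    found = set()
    for m in KEYWORD_RE.finditer(rule):
        opts = m.group(1) or ""          # bare `base64_decode;` has no options
        for b in BYTES_RE.finditer(opts):
            val = int(b.group(1))
            if val in RISKY_BYTES:
                found.add(val)
    return found


def audit_rules(lines):
    """Return [(line_no, sid, [risky bytes values])] for rules that use the
    workaround-violating combination. Comments and blank lines are skipped.
    Assumption: one rule per line (no backslash continuations)."""
    hits = []
    for no, line in enumerate(lines, 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        risky = risky_bytes_values(stripped)
        if risky:
            sid_m = re.search(r"\bsid\s*:\s*(\d+)", stripped)
            sid = int(sid_m.group(1)) if sid_m else None
            hits.append((no, sid, sorted(risky)))
    return hits


# Constructed sample rules (not taken from any real ruleset).
SAMPLE_RULES = """\
# constructed example rules
alert smtp any any -> any any (msg:"b64 bytes 1"; content:"Content-Type"; base64_decode:bytes 1, offset 2, relative; base64_data; content:"X"; sid:1000001; rev:1;)
alert http any any -> any any (msg:"b64 default"; content:"Auth"; base64_decode; base64_data; content:"user"; sid:1000002; rev:1;)
alert tcp any any -> any any (msg:"b64 bytes 4"; content:"x"; base64_decode:bytes 4; base64_data; content:"y"; sid:1000003; rev:1;)
alert tcp any any -> any any (msg:"b64 bytes 5"; content:"x"; base64_decode: bytes 5,offset 1; base64_data; content:"z"; sid:1000004; rev:1;)
""".splitlines()

if __name__ == "__main__":
    for line_no, sid, vals in audit_rules(SAMPLE_RULES):
        print(f"line {line_no} sid {sid}: base64_decode bytes {vals} "
              f"(reaches the CVE-2024-32664 path on unpatched engines)")
    for v in ("6.0.18", "6.0.19", "7.0.4", "7.0.5"):
        print(v, "vulnerable" if is_vulnerable_version(v) else "fixed or not evaluated")
```

To run it against a real ruleset, pass `open("suricata.rules").read().splitlines()` to `audit_rules`. The script only covers the rule-side workaround; the second workaround for 7.0.x, setting `app-layer.protocols.smtp.mime.body-md5` to false, lives in suricata.yaml and is not checked here.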
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected products
OISF · suricata
