CVE-2024-45796 MEDIUM

CVE-2024-45796: Suricata defrag: off by one can lead to policy bypass

Vendor Oisf
Product suricata
Weakness CWE-193
Published October 16, 2024
Last update April 2, 2026

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

What the vulnerability does

01 Description

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, a logic error during fragment reassembly can lead to failed reassembly for valid traffic. An attacker could craft packets to trigger this behavior. This issue has been addressed in 7.0.7.

Key dates

02 Disclosure timeline

October 16, 2024 CVE published
April 2, 2026 Record updated