Vulnerability CVE-2021-37592: Information
Description
Suricata before 5.0.8 and 6.x before 6.0.4 allows TCP evasion via a client with a crafted TCP/IP stack that can send a certain sequence of segments.
Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
|---|---|---|---|---|---|---|
| suricata | sisyphus | 6.0.4-alt1 | 6.0.10-alt1 | ALT-PU-2022-1180-1 | 294444 | Fixed |
| suricata | c10f1 | 6.0.10-alt1 | 6.0.10-alt1 | ALT-PU-2024-3982-2 | 342715 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
|---|---|
| https://github.com/OISF/suricata/releases |
|
| https://forum.suricata.io/t/suricata-6-0-4-and-5-0-8-released/1942 |
|
| https://redmine.openinfosecfoundation.org/issues/4569 |
|