{"id":"MGASA-2024-0306","summary":"Updated suricata packages fix security vulnerabilities","details":"CVE-2024-37151 Mishandling of multiple fragmented packets using the same\nIP ID value can lead to packet reassembly failure, which can lead to\npolicy bypass.\nCVE-2024-38534 Crafted modbus traffic can lead to unlimited resource\naccumulation within a flow\nCVE-2024-38535, CVE-2024-38536 Suricata can run out of memory when\nparsing crafted HTTP/2 traffic.\n","modified":"2026-04-16T04:42:22.489920391Z","published":"2024-09-17T02:41:21Z","upstream":["CVE-2024-37151","CVE-2024-38534","CVE-2024-38535","CVE-2024-38536"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2024-0306.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=33431"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JJWELU75TPOICUA2UGNZDY7QQJBB7HYJ/"}],"affected":[{"package":{"name":"suricata","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/suricata?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.0.20-1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2024-0306.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}