CVE-2024-47188
Published: 16 October 2024
Summary
CVE-2024-47188 is a high-severity Use of Insufficiently Random Values (CWE-330) vulnerability in OISF Suricata. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE ranks at the 30.5th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-42304
Vulnerability details
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, missing initialization of the random seed for "thash" leads to byte-range tracking having predictable hash table behavior. This can lead to an attacker forcing lots of data into a single hash bucket, leading to severe performance degradation. This issue has been addressed in 7.0.7.
Related Threats
MITRE ATT&CK Enterprise Techniques AI
Why these techniques?
The vulnerability in Suricata's HTTP byte-range tracking due to missing random seed initialization enables remote attackers to craft traffic causing hash collisions, resulting in severe performance degradation and denial of service through application exploitation.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Contacts with security groups provide timely information on broken or risky cryptographic algorithms, reducing the likelihood of their selection and use.
Ongoing education and sharing of recommended practices helps organizations identify and migrate away from broken or risky cryptographic algorithms.
Cross-organization threat feeds commonly include advances in cryptanalysis and active exploits against weak or broken algorithms, allowing organizations to deprecate them proactively.
Capital planning and funding allow selection and ongoing support of strong cryptographic algorithms rather than weak or broken ones.
Risk updates surface newly-broken or risky cryptographic algorithms as threat intelligence and computing advances evolve, enabling timely replacement.
Scanners flag use of broken or weak cryptographic algorithms via known-vulnerability databases.
Key generation under controlled management uses approved random-bit sources rather than insufficiently random values.
Enforces approved cryptographic algorithms for each use case, blocking use of broken or risky algorithms.