Cyber Resilience

CVE-2024-47188

Severity: High
Published: 16 October 2024
Modified: 22 October 2024
KEV Added: not listed
Patch: available (fixed in Suricata 7.0.7)
CVSS v3.1 score: 7.5 (High), vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS score: 0.0012 (30.5th percentile)
Risk priority: 15 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-47188 is a high-severity Use of Insufficiently Random Values (CWE-330) vulnerability in OISF Suricata, affecting versions before 7.0.7. Its CVSS v3.1 base score is 7.5 (High): the vector is network-reachable with no privileges or user interaction required (AV:N/PR:N/UI:N), and the impact is limited to availability (C:N/I:N/A:H).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). Its EPSS score places it at the 30.5th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

Vulnerability details

Suricata is a network Intrusion Detection System (IDS), Intrusion Prevention System (IPS) and Network Security Monitoring (NSM) engine. Prior to version 7.0.7, the random seed used by the "thash" hash table was never initialized, so byte-range tracking used a predictable hash function. Because anyone who knows the (fixed) seed can compute which bucket a given entry lands in, an attacker can craft traffic whose byte-range entries all hash to the same bucket, turning constant-time lookups into long walks of a single chain and causing severe performance degradation. This issue has been addressed in 7.0.7.
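To make the mechanism concrete, the following is an added example written for this page (not Suricata's own code): a toy seeded hash table modelled loosely on a "thash"-style table. The attacker side brute-forces keys that all collide under the unseeded (zero) seed, and the defender side shows that the same keys spread across buckets once the table draws its seed from the OS CSPRNG at initialization. The hash function (seeded FNV-1a plus a murmur3-style finalizer), the bucket count, the key format and the function names are assumptions for illustration only.

```c
/* Added example: why an unseeded hash table can be flooded into one bucket,
 * and how seeding it from the OS CSPRNG defeats precomputed collisions.
 * Not Suricata code; the hash function and table layout are stand-ins. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NBUCKETS 1024u   /* assumed table size for the demo */
#define NKEYS    200u    /* number of colliding keys the attacker crafts */

/* Seeded FNV-1a over the key bytes, followed by a murmur3-style finalizer so
 * that the bucket index depends on every bit of the internal state. */
static uint32_t seeded_hash(const uint8_t *key, size_t len, uint32_t seed)
{
    uint32_t h = 2166136261u ^ seed;
    for (size_t i = 0; i < len; i++) {
        h ^= key[i];
        h *= 16777619u;
    }
    h ^= h >> 16; h *= 0x85ebca6bu;
    h ^= h >> 13; h *= 0xc2b2ae35u;
    h ^= h >> 16;
    return h;
}

static uint32_t bucket_of(uint32_t key, uint32_t seed)
{
    uint8_t bytes[4];
    memcpy(bytes, &key, sizeof bytes);
    return seeded_hash(bytes, sizeof bytes, seed) % NBUCKETS;
}

/* Attacker side: knowing the seed (0 when it is never initialised), brute-force
 * 'want' keys whose bucket is 'target'. Returns the number of keys found. */
size_t craft_colliding_keys(uint32_t known_seed, uint32_t target,
                            uint32_t *out, size_t want)
{
    size_t found = 0;
    for (uint32_t cand = 1; found < want && cand != 0; cand++) {
        if (bucket_of(cand, known_seed) == target)
            out[found++] = cand;
    }
    return found;
}

/* Defender side: insert the keys under 'seed' and report the longest chain,
 * i.e. how many keys ended up in the most loaded bucket. */
size_t max_bucket_load(const uint32_t *keys, size_t n, uint32_t seed)
{
    size_t load[NBUCKETS] = {0};
    size_t max = 0;
    for (size_t i = 0; i < n; i++) {
        size_t b = bucket_of(keys[i], seed);
        if (++load[b] > max)
            max = load[b];
    }
    return max;
}

/* The fix in spirit: draw the table seed from the OS CSPRNG at init time. */
uint32_t random_seed(void)
{
    uint32_t s = 0;
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL || fread(&s, sizeof s, 1, f) != 1) {
        /* Fallback only so the demo still runs; never acceptable in production. */
        s = (uint32_t)(uintptr_t)&s ^ 0x9e3779b9u;
    }
    if (f)
        fclose(f);
    return s;
}

/* Whole scenario: craft NKEYS keys against seed 0 (the unseeded table), then
 * report the longest chain when the table actually uses 'table_seed'. */
size_t demo_longest_chain(uint32_t table_seed)
{
    uint32_t keys[NKEYS];
    size_t n = craft_colliding_keys(0, 0, keys, NKEYS);
    return max_bucket_load(keys, n, table_seed);
}

int main(void)
{
    printf("unseeded table (seed 0): longest chain = %zu of %u keys\n",
           demo_longest_chain(0), NKEYS);
    printf("seeded table (CSPRNG):   longest chain = %zu of %u keys\n",
           demo_longest_chain(random_seed()), NKEYS);
    return 0;
}
```

With the zero seed every crafted key lands in bucket 0, so a lookup in that bucket walks all of them; under a seed the attacker cannot predict, the same keys spread out and the longest chain stays in single digits. The point generalizes to any hash table keyed by attacker-controlled input: the seed must be unpredictable to the peer, and initialized before the first insert.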

CWE(s)

CWE-330: Use of Insufficiently Random Values

Related Threats

MITRE ATT&CK Enterprise Techniques

T1499.004 Application or System Exploitation (Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Because Suricata's HTTP byte-range tracking hashed entries with an uninitialized, and therefore predictable, seed, a remote attacker can craft traffic whose entries collide into a single hash bucket. The resulting severe performance degradation is a denial of service achieved by exploiting a flaw in the application itself, which is what T1499.004 describes.

Affected Assets

oisf
suricata
< 7.0.7 (fixed in 7.0.7)

Mitigating Controls

Likely Mitigating Controls

Per-CVE control mapping for this CVE has not run yet; the list below is derived from weakness types rather than from this CVE's specifics. NVD cites only CWE-330 for this CVE, so the entries marked CWE-327 (broken or risky cryptographic algorithms) concern a different weakness and do not apply here. The relevant control is the CWE-330 one: seed the hash table from a proper random source before first use, which is what the 7.0.7 fix restores.

addresses CWE-327: Contacts with security groups provide timely information on broken or risky cryptographic algorithms, reducing the likelihood of their selection and use.

addresses CWE-327: Ongoing education and sharing of recommended practices helps organizations identify and migrate away from broken or risky cryptographic algorithms.

addresses CWE-327: Cross-organization threat feeds commonly include advances in cryptanalysis and active exploits against weak or broken algorithms, allowing organizations to deprecate them proactively.

addresses CWE-327: Capital planning and funding allow selection and ongoing support of strong cryptographic algorithms rather than weak or broken ones.

addresses CWE-327: Risk updates surface newly broken or risky cryptographic algorithms as threat intelligence and computing advances evolve, enabling timely replacement.

addresses CWE-327: Scanners flag use of broken or weak cryptographic algorithms via known-vulnerability databases.

addresses CWE-330: Key generation under controlled management uses approved random-bit sources rather than insufficiently random values.

addresses CWE-327: Enforces approved cryptographic algorithms for each use case, blocking use of broken or risky algorithms.