{"id":"CVE-2024-32867","summary":"Suricata's defrag contains various issues leading to policy bypass","details":"Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, various problems in handling of fragmentation anomalies can lead to mis-detection of rules and policy. This vulnerability is fixed in 7.0.5 or 6.0.19.","aliases":["GHSA-xvrx-88mv-xcq5"],"modified":"2026-04-11T06:17:01.975868Z","published":"2024-05-07T15:06:58.326Z","related":["openSUSE-SU-2025:15394-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/32xxx/CVE-2024-32867.json","cwe_ids":["CWE-754"],"cna_assigner":"GitHub_M"},"references":[{"type":"WEB","url":"https://redmine.openinfosecfoundation.org/issues/6672"},{"type":"WEB","url":"https://redmine.openinfosecfoundation.org/issues/6673"},{"type":"WEB","url":"https://redmine.openinfosecfoundation.org/issues/6677"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/32xxx/CVE-2024-32867.json"},{"type":"ADVISORY","url":"https://github.com/OISF/suricata/security/advisories/GHSA-xvrx-88mv-xcq5"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-32867"},{"type":"FIX","url":"https://github.com/OISF/suricata/commit/1e110d0a71db46571040b937e17a4bc9f91d6de9"},{"type":"FIX","url":"https://github.com/OISF/suricata/commit/2f39ba75f153ba9bdf8eedc2a839cc973dbaea66"},{"type":"FIX","url":"https://github.com/OISF/suricata/commit/414f97c6695c5a2e1d378a36a6f50d7288767634"},{"type":"FIX","url":"https://github.com/OISF/suricata/commit/bf3d420fb709ebe074019a99e3bd3a2364524a4b"},{"type":"FIX","url":"https://github.com/OISF/suricata/commit/d13bd2ae217a6d2ceb347f74d27cbfcd37b9bda9"},{"type":"FIX","url":"https://github.com/OISF/suricata/commit/e6267758ed5da27f804f0c1c07f9423bdf4d72b8"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/oisf/suricata","events":[{"introduced":"21ec99aa76cc5406007ce12a4891f2eaedb02291"},{"fixed":"e6267758ed5da27f804f0c1c07f9423bdf4d72b8"}]}],"versions":["suricata-7.0.0","suricata-7.0.1","suricata-7.0.2","suricata-7.0.3","suricata-7.0.4"],"database_specific":{"vanir_signatures":[{"signature_version":"v1","digest":{"length":2624,"function_hash":"200129975315688852791285153319877729791"},"deprecated":false,"target":{"file":"src/defrag.c","function":"Defrag6Reassemble"},"source":"https://github.com/oisf/suricata/commit/e6267758ed5da27f804f0c1c07f9423bdf4d72b8","id":"CVE-2024-32867-19d40dcd","signature_type":"Function"},{"signature_version":"v1","digest":{"length":2633,"function_hash":"173510786577142670905598566129563281275"},"deprecated":false,"target":{"file":"src/defrag.c","function":"DefragRegisterTests"},"source":"https://github.com/oisf/suricata/commit/e6267758ed5da27f804f0c1c07f9423bdf4d72b8","id":"CVE-2024-32867-79dcd90a","signature_type":"Function"},{"signature_version":"v1","digest":{"length":2784,"function_hash":"329366401534222432074501077613661253093"},"deprecated":false,"target":{"file":"src/defrag.c","function":"Defrag4Reassemble"},"source":"https://github.com/oisf/suricata/commit/e6267758ed5da27f804f0c1c07f9423bdf4d72b8","id":"CVE-2024-32867-b5cccdc9","signature_type":"Function"},{"signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["218199701975239046108302715647236416450","314054038538197973098055812623254789797","63223433935127937834110891763313524252","312530708338735480488962657517869320913","218199701975239046108302715647236416450","314054038538197973098055812623254789797","63223433935127937834110891763313524252","196609206739538876684888463338745676805","181927724744590057598095186442236524424","3560434030589569845174873294565570849","185446072461540552487250584479217715315","1860132004204363834391152679783348826","122794033122135988866658046289908970292","318780306635404832855506370816517830549"]},"deprecated":false,"target":{"file":"src/defrag.c"},"source":"https://github.com/oisf/suricata/commit/e6267758ed5da27f804f0c1c07f9423bdf4d72b8","id":"CVE-2024-32867-b94f63f6","signature_type":"Line"}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-32867.json","vanir_signatures_modified":"2026-04-11T06:17:01Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}]}