CVE-2024-32664

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-32664
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-32664.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-32664
Downstream
Related
  • GHSA-79vh-hpwq-3jh7
Published
2024-05-07T15:15:08Z
Modified
2025-09-19T15:00:18.063666Z
Severity
  • 7.3 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVSS Calculator
Summary
[none]
Details

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, specially crafted traffic or datasets can cause a limited buffer overflow. This vulnerability is fixed in 7.0.5 and 6.0.19. Workarounds include not use rules with base64_decode keyword with bytes option with value 1, 2 or 5 and for 7.0.x, setting app-layer.protocols.smtp.mime.body-md5 to false.

References

Affected packages

Git / github.com/oisf/suricata

Affected ranges

Type
GIT
Repo
https://github.com/oisf/suricata
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
311002baf288a225f62cf18a90c5fdd294447379
Fixed
d5ffecf11ad2c6fe89265e518f5d7443caf26ba4

Affected versions

suricata-0.*

suricata-0.8.2

suricata-1.*

suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
suricata-1.2
suricata-1.2.1
suricata-1.2beta1
suricata-1.2rc1
suricata-1.3
suricata-1.3.1
suricata-1.3beta1
suricata-1.3beta2
suricata-1.3rc1
suricata-1.4
suricata-1.4beta1
suricata-1.4beta2
suricata-1.4beta3
suricata-1.4rc1

suricata-2.*

suricata-2.0
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0.2
suricata-2.0beta1
suricata-2.0beta2
suricata-2.0rc1
suricata-2.0rc2
suricata-2.0rc3
suricata-2.1beta1
suricata-2.1beta2
suricata-2.1beta3
suricata-2.1beta4

suricata-3.*

suricata-3.0
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0RC1
suricata-3.0RC2
suricata-3.0RC3
suricata-3.1
suricata-3.1.1
suricata-3.1.2
suricata-3.1RC1
suricata-3.2
suricata-3.2.1
suricata-3.2RC1
suricata-3.2beta1

suricata-4.*

suricata-4.0.0
suricata-4.0.0-beta1
suricata-4.0.0-rc1
suricata-4.0.0-rc2
suricata-4.0.1
suricata-4.1.0
suricata-4.1.0-beta1
suricata-4.1.0-rc1
suricata-4.1.0-rc2
suricata-4.1.1
suricata-4.1.2

suricata-5.*

suricata-5.0.0
suricata-5.0.0-beta1
suricata-5.0.0-rc1
suricata-5.0.1

suricata-6.*

suricata-6.0.0
suricata-6.0.0-beta1
suricata-6.0.0-rc1
suricata-6.0.1
suricata-6.0.10
suricata-6.0.11
suricata-6.0.12
suricata-6.0.13
suricata-6.0.14
suricata-6.0.15
suricata-6.0.16
suricata-6.0.17
suricata-6.0.18
suricata-6.0.2
suricata-6.0.3
suricata-6.0.4
suricata-6.0.5
suricata-6.0.6
suricata-6.0.7
suricata-6.0.8
suricata-6.0.9

suricata-7.*

suricata-7.0.0
suricata-7.0.0-beta1
suricata-7.0.0-rc1
suricata-7.0.0-rc2
suricata-7.0.1
suricata-7.0.2
suricata-7.0.3
suricata-7.0.4

Database specific 

{
    "vanir_signatures": [
        {
            "signature_version": "v1",
            "deprecated": false,
            "target": {
                "file": "src/util-base64.c"
            },
            "source": "https://github.com/oisf/suricata/commit/d5ffecf11ad2c6fe89265e518f5d7443caf26ba4",
            "digest": {
                "line_hashes": [
                    "46679933959011915951402130356142014458",
                    "152686793277762586364556378538153723005",
                    "24712848685648214478961238615451827358",
                    "299308388501023117808097698127344830766",
                    "308754288649312340994858895020941377081",
                    "254300812950586756234475076883955935037",
                    "241421372473962255925250380684720938406",
                    "34126542032130551298903788104990888268",
                    "201108913660986669710285444166741733136",
                    "164794786683505136590423059992333542084",
                    "239127772975049259354514938513769890836"
                ],
                "threshold": 0.9
            },
            "signature_type": "Line",
            "id": "CVE-2024-32664-416a8d97"
        },
        {
            "signature_version": "v1",
            "deprecated": false,
            "target": {
                "file": "src/util-base64.c"
            },
            "source": "https://github.com/oisf/suricata/commit/311002baf288a225f62cf18a90c5fdd294447379",
            "digest": {
                "line_hashes": [
                    "46679933959011915951402130356142014458",
                    "152686793277762586364556378538153723005",
                    "24712848685648214478961238615451827358",
                    "299308388501023117808097698127344830766",
                    "308754288649312340994858895020941377081",
                    "254300812950586756234475076883955935037",
                    "241421372473962255925250380684720938406",
                    "34126542032130551298903788104990888268",
                    "201108913660986669710285444166741733136",
                    "164794786683505136590423059992333542084",
                    "239127772975049259354514938513769890836"
                ],
                "threshold": 0.9
            },
            "signature_type": "Line",
            "id": "CVE-2024-32664-9abca188"
        },
        {
            "signature_version": "v1",
            "deprecated": false,
            "target": {
                "file": "src/util-base64.c",
                "function": "DecodeBase64"
            },
            "source": "https://github.com/oisf/suricata/commit/311002baf288a225f62cf18a90c5fdd294447379",
            "digest": {
                "length": 1735.0,
                "function_hash": "29055727341352579509934896304558138383"
            },
            "signature_type": "Function",
            "id": "CVE-2024-32664-ad1ac9eb"
        },
        {
            "signature_version": "v1",
            "deprecated": false,
            "target": {
                "file": "src/util-base64.c",
                "function": "DecodeBase64"
            },
            "source": "https://github.com/oisf/suricata/commit/d5ffecf11ad2c6fe89265e518f5d7443caf26ba4",
            "digest": {
                "length": 1725.0,
                "function_hash": "212927719737738737265170887986709280404"
            },
            "signature_type": "Function",
            "id": "CVE-2024-32664-e2392738"
        }
    ]
}