How severe is CVE-2024-47187?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2024-47187?

This is classified as CWE-330, which is a common weakness in software security.

CVE-2024-47187 - HIGH Severity | CVSS 7.5

Vulnerability Description

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, missing initialization of the random seed for "thash" leads to datasets having predictable hash table behavior. This can lead to dataset file loading to use excessive time to load, as well as runtime performance issues during traffic handling. This issue has been addressed in 7.0.7. As a workaround, avoid loading datasets from untrusted sources. Avoid dataset rules that track traffic in rules.

Related Vulnerabilities

CVE-2008-0087

HIGH

CVSS:7.5(High)

The DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, and Vista uses predictable DNS transaction IDs, which allows remote attackers to spoof DNS responses.

CWE-3302008

CVE-2008-0141

HIGH

CVSS:7.5(High)

actions.php in WebPortal CMS 0.6-beta generates predictable passwords containing only the time of day, which makes it easier for remote attackers to obtain access to any account via a lostpass action.

CWE-3302008

CVE-2008-2020

HIGH

CVSS:7.5(High)

The CAPTCHA implementation as used in (1) Francisco Burzi PHP-Nuke 7.0 and 8.1, (2) my123tkShop e-Commerce-Suite (aka 123tkShop) 0.9.1, (3) phpMyBitTorrent 1.2.2, (4) TorrentFlux 2.3, (5) e107 0.7.11,...

CWE-3302008

CVE-2008-4905

HIGH

CVSS:7.5(High)

Typo 5.1.3 and earlier uses a hard-coded salt for calculating password hashes, which makes it easier for attackers to guess passwords via a brute force attack.

CWE-3302008

CVE-2008-4929

HIGH

CVSS:7.5(High)

MyBB (aka MyBulletinBoard) 1.4.2 uses insufficient randomness to compose filenames of uploaded files used as attachments, which makes it easier for remote attackers to read these files by guessing fil...

CWE-3302008

CVE-2009-0255

HIGH

CVSS:7.5(High)

The System extension Install tool in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 creates the encryption key with an insufficiently random seed, which makes it easier for at...

CWE-3302009