Kaspersky identifies seven vulnerabilities in open-source projects Suricata and FreeRDP

by Enterprise IT World MEAAugust 30, 2024August 30, 20240529

Kaspersky has uncovered seven vulnerabilities, two of which could allow arbitrary code execution, in the widely used open-source projects Suricata and FreeRDP during pre-release penetration testing of company’s products.

Kaspersky’s security experts have found seven vulnerabilities in the widely used open-source projects Suricata and FreeRDP. Two of these vulnerabilities, CVE-2024-32664 and CVE-2024-32039, could potentially allow attackers to execute arbitrary code on a vulnerable system, while others could enable unauthorized memory access.

These vulnerabilities were discovered during pre-release penetration testing as part of the security assessment of KasperskyOS-based products, including Kaspersky Thin Client (KTC) and Kaspersky IoT Secure Gateway (KISG), which integrate the open-source components Suricata and FreeRDP. Kaspersky team promptly reported these vulnerabilities to the respective library developers.

The open-source community validated the findings and assigned seven CVEs:

FreeRDP:
- CVE-2024-32041
- CVE-2024-32039
- CVE-2024-32040
- CVE-2024-32458
- CVE-2024-32459
- CVE-2024-32460
Suricata:
- CVE-2024-32664

Along with the reports, Kaspersky provided fuzzing tests instrumental in identifying issues in FreeRDP. The open-source community used these tests to uncover an additional about 10 vulnerabilities. All vulnerabilities were patched in both the open-source projects and Kaspersky’s products before the public release of new versions.

“The principle of ‘secure by design’ extends beyond system architecture to encompass the entire development process,” said Denis Skvortsov, lead application security specialist at Kaspersky. “By rigorously testing all system components before release, we contributed to resolving severe issues in two widely-used open-source projects. We are grateful to the Suricata and FreeRDP maintainers for their swift response to our findings and the rapid deployment of patches.“

Kaspersky strongly encourages users to update to the latest versions of Suricata and FreeRDP to ensure their systems are protected. The most up-to-date versions at the time of this release are:

Suricata: 6.0.19 and 7.0.5
FreeRDP: 2.11.7 and 3.5.1

For further details on the discovered vulnerabilities, please visit Securelist.com.

Kaspersky identifies seven vulnerabilities in open-source projects Suricata and FreeRDP

Enterprise IT World MEA

Leave a Comment Cancel Reply

Core42 Sets Up European Headquarters in Dublin to Accelerate AI Infrastructure Growth

Nutanix Expands Nutanix Cloud Platform to Power Distributed Sovereign Clouds

Kissflow Named Leader in 2025 Nucleus Research LCAP Technology Value Matrix

Jerry Luftman, Professor & Managing Director, Global Institute for IT Management, New...

AVEVA Joins Porsche Formula E as Technology Partner to Drive Digital Innovation

Endava and Paysafe Forge Strategic Alliance to Transform Payments and Build Connected...

Nemetschek Group Showcases Digital Blueprint for the Middle East’s Future at Big...

Phillips Middle East Launches its First Manufacturing Tech Center of Excellence in...

Al Rajhi Bank Partners with ServiceNow and ejada Systems to Redefine Digital...

Commvault and Delinea Partner to Strengthen Defense Against Credential-Based Attacks

Infoblox Brings Predictive DNS Security Natively to AWS Network Firewall

Infoblox Integrates with AWS to Simplify IP Address Management Across Hybrid Clouds

SentinelOne and Rilian Technologies Forge Strategic Alliance to Expand AI-Powered Cybersecurity in...

Iran-Backed MuddyWater Targets Critical Infrastructure in Israel and Egypt, Masquerades as Snake...

Related posts

Leave a Comment Cancel Reply