Suricata is an open-source network Intrusion Detection System (IDS), Intrusion Prevention System (IPS), and Network Security Monitoring (NSM) engine widely deployed for monitoring and analyzing network traffic. CVE-2024-45795 is a reachable assertion vulnerability classified under CWE-617, affecting Suricata versions prior to 7.0.7. The vulnerability arises when Suricata processes rules that use datasets containing the non-functional or unimplemented 'unset' option. During traffic parsing, if such a rule is triggered, it causes an assertion failure within the Suricata engine, leading to an immediate crash of the process. This results in a denial of service condition, rendering the IDS/IPS unavailable until restarted. The vulnerability can be exploited remotely without requiring authentication or user interaction, by sending network traffic crafted to trigger the problematic rule. Although no known exploits are currently reported in the wild, the vulnerability's nature and ease of exploitation make it a significant risk. The issue is addressed in Suricata version 7.0.7, which removes the assertion failure condition. As an interim mitigation, users are advised to deploy only trusted and thoroughly tested rulesets that do not include the 'unset' option. This vulnerability impacts the availability of Suricata-based security infrastructure, potentially leaving networks blind to attacks during downtime.

The primary impact of CVE-2024-45795 is a denial of service condition caused by Suricata crashing when processing certain rules. For organizations relying on Suricata for network intrusion detection and prevention, this can lead to temporary loss of visibility into network threats, increasing the risk of undetected attacks. The vulnerability affects the availability of critical security monitoring infrastructure, which can disrupt incident response and network defense operations. Since exploitation requires no authentication and can be triggered remotely, attackers can deliberately cause service outages, potentially as a diversion or to disable security monitoring during an attack. The impact is particularly severe for large enterprises, service providers, and critical infrastructure operators who depend on continuous network monitoring. Although the vulnerability does not affect confidentiality or integrity directly, the loss of availability can indirectly facilitate further compromise by reducing detection capabilities.

To mitigate CVE-2024-45795, organizations should immediately upgrade Suricata to version 7.0.7 or later, where the assertion failure has been fixed. Until the upgrade can be performed, administrators should audit and restrict the use of Suricata rulesets to only those that are trusted and well-tested, explicitly avoiding any rules that use the unimplemented 'unset' option in datasets. Network traffic filtering or segmentation can be employed to limit exposure to untrusted sources that might trigger the vulnerability. Monitoring Suricata logs for crashes or assertion failures can help detect attempted exploitation. Additionally, implementing process supervision and automatic restart mechanisms can reduce downtime if a crash occurs. Regularly updating and validating IDS/IPS rulesets and maintaining a robust patch management process are critical to preventing exploitation of similar vulnerabilities in the future.