Cybersecurity Firm Kaspersky Identifies Vulnerabilities in Open-Source Projects Suricata and FreeRDP

Kaspersky‘s security experts have found seven vulnerabilities in the widely used open-source projects Suricata and FreeRDP.

Two of these vulnerabilities, CVE-2024-32664 and CVE-2024-32039, could “potentially allow attackers to execute arbitrary code on a vulnerable system, while others could enable unauthorized memory access.”

These vulnerabilities were discovered “during pre-release penetration testing as part of the security assessment of KasperskyOS-based products, including Kaspersky Thin Client (KTC) and Kaspersky IoT Secure Gateway (KISG), which integrate the open-source components Suricata and FreeRDP.”

Their team promptly reported these vulnerabilities “to the respective library developers.”

The open-source community validated the findings and assigned seven CVEs:

  • FreeRDP:
  • CVE-2024-32041
  • CVE-2024-32039
  • CVE-2024-32040
  • CVE-2024-32458
  • CVE-2024-32459
  • CVE-2024-32460
  • Suricata:
    CVE-2024-32664

Along with the reports, Kaspersky provided fuzzing tests “instrumental in identifying issues in FreeRDP.”

The open-source community used these tests “to uncover an additional about 10 vulnerabilities. All vulnerabilities were patched in both the open-source projects and Kaspersky’s products before the public release of new versions.”

Denis Skvortsov, lead application security specialist at Kaspersky said:

“The principle of ‘secure by design’ extends beyond system architecture to encompass the entire development process. By rigorously testing all system components before release, we contributed to resolving severe issues in two widely-used open-source projects. We are grateful to the Suricata and FreeRDP maintainers for their swift response to our findings and the rapid deployment of patches.”

Kaspersky strongly encourages users “to update to the latest versions of Suricata and FreeRDP to ensure their systems are protected.”

The most up-to-date versions at the time of this release are:

  • Suricata: 6.0.19 and 7.0.5
  • FreeRDP: 2.11.7 and 3.5.1

As noted in the update, Kaspersky is “a global cybersecurity and digital privacy company founded in 1997.”

With over a billion devices protected to date from emerging cyberthreats and targeted attacks, Kaspersky’s deep threat intelligence and security expertise “is constantly transforming into innovative solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe.”

The company’s comprehensive security portfolio “includes leading endpoint protection, specialized security products and services, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats.”

They help over 200,000 corporate clients “protect what matters most to them.”



Sponsored Links by DQ Promote

 

 

Send this to a friend