CVE-2024-45795: 
Suricata vulnerability analysis and mitigation

Suricata, a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine, was found to contain a vulnerability prior to version 7.0.7. The vulnerability (CVE-2024-45795) involves rules using datasets with the non-functional/unimplemented "unset" option that can trigger an assertion during traffic parsing (GitHub Advisory).

The vulnerability is classified with CWE-617 (Reachable Assertion) and has been assigned a CVSS v3.1 base score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The technical analysis indicates that the vulnerability stems from an incomplete implementation of the "unset" support in datasets, which can lead to an abort condition when processing certain rules (OISF Issue).

When exploited, this vulnerability can result in a denial of service condition. The impact is specifically focused on availability, with no direct effect on confidentiality or integrity of the system (GitHub Advisory).

The vulnerability has been patched in Suricata version 7.0.7. As a temporary workaround, users are advised to use only trusted and well-tested rulesets to prevent potential exploitation (GitHub Advisory).