Unrated severityNVD Advisory· Published Jan 6, 2025· Updated Jan 6, 2025

Suricata oversized resource names utilizing DNS name compression can lead to resource starvation

CVE-2024-55628

Description

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.8, DNS resource name compression can lead to small DNS messages containing very large hostnames which can be costly to decode, and lead to very large DNS log records. While there are limits in place, they were too generous. The issue has been addressed in Suricata 7.0.8.

Affected products

Oisf/Suricatav5
Range: < 7.0.8

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/OISF/suricata/commit/19cf0f81335d9f787d587450f7105ad95a648951mitrex_refsource_MISC
github.com/OISF/suricata/commit/37f4c52b22fcdde4adf9b479cb5700f89d00768dmitrex_refsource_MISC
github.com/OISF/suricata/commit/3a5671739f5b25e5dd973a74ca5fd8ea40e1ae2dmitrex_refsource_MISC
github.com/OISF/suricata/security/advisories/GHSA-96w4-jqwf-qx2jmitrex_refsource_CONFIRM
redmine.openinfosecfoundation.org/issues/7280mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000