QwikSec

Security Database

CVE

CWE

Training

CVE-2024-55628

Published: Jan 6, 2025

Modified: Jan 6, 2025

PUBLISHED

CVSS v3.1

7.5

HIGH

Description

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.8, DNS resource name compression can lead to small DNS messages containing very large hostnames which can be costly to decode, and lead to very large DNS log records. While there are limits in place, they were too generous. The issue has been addressed in Suricata 7.0.8.

Vendor	Product	Versions
OISF	suricata	affected `< 7.0.8`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

References

https://github.com/OISF/suricata/security/advisories/GHSA-96w4-jqwf-qx2j

x_refsource_CONFIRM

https://github.com/OISF/suricata/commit/19cf0f81335d9f787d587450f7105ad95a648951

x_refsource_MISC

https://github.com/OISF/suricata/commit/37f4c52b22fcdde4adf9b479cb5700f89d00768d

x_refsource_MISC

https://github.com/OISF/suricata/commit/3a5671739f5b25e5dd973a74ca5fd8ea40e1ae2d

x_refsource_MISC

https://redmine.openinfosecfoundation.org/issues/7280

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.