7.5

CVE-2024-55628

Suricata oversized resource names utilizing DNS name compression can lead to resource starvation

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.8, DNS resource name compression can lead to small DNS messages containing very large hostnames which can be costly to decode, and lead to very large DNS log records. While there are limits in place, they were too generous. The issue has been addressed in Suricata 7.0.8.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OisfSuricata Version < 7.0.8
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.68% 0.48
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
security-advisories@github.com 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-405 Asymmetric Resource Consumption (Amplification)

The product does not properly control situations in which an adversary can cause the product to consume or produce excessive resources without requiring the adversary to invest equivalent work or otherwise prove authorization, i.e., the adversary's influence is "asymmetric."

CWE-779 Logging of Excessive Data

The product logs too much information, making log files hard to process and possibly hindering recovery efforts or forensic analysis after an attack.

https://github.com/OISF/suricata/commit/19cf0f81335d9f787d587450f7105ad95a648951
Patch
https://github.com/OISF/suricata/commit/37f4c52b22fcdde4adf9b479cb5700f89d00768d
Patch
https://github.com/OISF/suricata/commit/3a5671739f5b25e5dd973a74ca5fd8ea40e1ae2d
Patch
https://github.com/OISF/suricata/security/advisories/GHSA-96w4-jqwf-qx2j
Vendor Advisory
https://redmine.openinfosecfoundation.org/issues/7280
Permissions Required