CVE-2024-55628

EPSS 0.43%
Veröffentlicht 06.01.2025 18:15:22
Zuletzt bearbeitet 31.03.2025 13:02:25
Quelle security-advisories@github.com
Teams Watchlist Login
Unerledigt Login

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.8, DNS resource name compression can lead to small DNS messages containing very large hostnames which can be costly to decode, and lead to very large DNS log records. While there are limits in place, they were too generous. The issue has been addressed in Suricata 7.0.8.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 8

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Oisf ≫ Suricata Version < 7.0.8

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.43%	0.618

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
security-advisories@github.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-405 Asymmetric Resource Consumption (Amplification)

The product does not properly control situations in which an adversary can cause the product to consume or produce excessive resources without requiring the adversary to invest equivalent work or otherwise prove authorization, i.e., the adversary's influence is "asymmetric."

CWE-779 Logging of Excessive Data

The product logs too much information, making log files hard to process and possibly hindering recovery efforts or forensic analysis after an attack.

https://github.com/OISF/suricata/commit/19cf0f81335d9f787d587450f7105ad95a648951

Patch

https://github.com/OISF/suricata/commit/37f4c52b22fcdde4adf9b479cb5700f89d00768d

Patch

https://github.com/OISF/suricata/commit/3a5671739f5b25e5dd973a74ca5fd8ea40e1ae2d

Patch

https://github.com/OISF/suricata/security/advisories/GHSA-96w4-jqwf-qx2j

Vendor Advisory

https://redmine.openinfosecfoundation.org/issues/7280

Permissions Required

https://nvd.nist.gov/vuln/detail/CVE-2024-55628

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-55628

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-55628

EUVD