CVE-2024-55628
HIGHSuricata < 7.0.8 - Denial of Service via DNS Resource Name Compression
Title source: llmDescription
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.8, DNS resource name compression can lead to small DNS messages containing very large hostnames which can be costly to decode, and lead to very large DNS log records. While there are limits in place, they were too generous. The issue has been addressed in Suricata 7.0.8.
References (5)
Core 5
Core References
Vendor Advisory x_refsource_confirm
https://github.com/OISF/suricata/security/advisories/GHSA-96w4-jqwf-qx2j
Patch x_refsource_misc
https://github.com/OISF/suricata/commit/19cf0f81335d9f787d587450f7105ad95a648951
Patch x_refsource_misc
https://github.com/OISF/suricata/commit/37f4c52b22fcdde4adf9b479cb5700f89d00768d
Patch x_refsource_misc
https://github.com/OISF/suricata/commit/3a5671739f5b25e5dd973a74ca5fd8ea40e1ae2d
Permissions Required x_refsource_misc
https://redmine.openinfosecfoundation.org/issues/7280
Scores
CVSS v3
7.5
EPSS
0.0067
EPSS Percentile
46.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-779
CWE-405
Status
published
Products (1)
oisf/suricata
< 7.0.8
Published
Jan 06, 2025
Tracked Since
Feb 18, 2026