CVE-2024-55628

Suricata oversized resource names utilizing DNS name compression can lead to resource starvation

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Attend

*SSVC

Descriptions

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.8, DNS resource name compression can lead to small DNS messages containing very large hostnames which can be costly to decode, and lead to very large DNS log records. While there are limits in place, they were too generous. The issue has been addressed in Suricata 7.0.8.

Suricata es un sistema de detección de intrusiones, un sistema de prevención de intrusiones y un motor de monitoreo de seguridad de red. Antes de la versión 7.0.8, la compresión de nombres de recursos DNS podía generar mensajes DNS pequeños que contenían nombres de host muy grandes, cuya decodificación podía resultar costosa, y generar registros DNS muy grandes. Si bien existen límites, estos eran demasiado generosos. El problema se solucionó en Suricata 7.0.8.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Attend

Exploitation

None

Automatable

Yes

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-12-09 CVE Reserved
2024-12-12 CVE Published
2025-01-06 CVE Updated
2025-04-01 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-405: Asymmetric Resource Consumption (Amplification)
CWE-779: Logging of Excessive Data

CAPEC

References (5)

URL	Tag	Source
https://github.com/OISF/suricata/commit/19cf0f81335d9f787d587450f7105ad95a648951	X_refsource_misc
https://github.com/OISF/suricata/commit/37f4c52b22fcdde4adf9b479cb5700f89d00768d	X_refsource_misc
https://github.com/OISF/suricata/commit/3a5671739f5b25e5dd973a74ca5fd8ea40e1ae2d	X_refsource_misc
https://github.com/OISF/suricata/security/advisories/GHSA-96w4-jqwf-qx2j	X_refsource_confirm
https://redmine.openinfosecfoundation.org/issues/7280	X_refsource_misc

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
OISF Search vendor "OISF"		Suricata Search vendor "OISF" for product "Suricata"				< 7.0.8 Search vendor "OISF" for product "Suricata" and version " < 7.0.8"		en		Affected