Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-55628

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.8, DNS resource name compression can lead to small DNS messages containing very large hostnames which can be costly to decode, and lead to very large DNS log records. While there are limits in place, they were too generous. The issue has been addressed in Suricata 7.0.8.

Published

2025-01-06T18:15:22.947

Last Modified

2025-03-31T13:02:25.710

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Secondary
CWE-405
CWE-779
Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	oisf	suricata	< 7.0.8	Yes

References

https://github.com/OISF/suricata/commit/19cf0f81335d9f787d587450f7105ad95a648951 Patch ([email protected])
https://github.com/OISF/suricata/commit/37f4c52b22fcdde4adf9b479cb5700f89d00768d Patch ([email protected])
https://github.com/OISF/suricata/commit/3a5671739f5b25e5dd973a74ca5fd8ea40e1ae2d Patch ([email protected])
https://github.com/OISF/suricata/security/advisories/GHSA-96w4-jqwf-qx2j Vendor Advisory ([email protected])
https://redmine.openinfosecfoundation.org/issues/7280 Permissions Required ([email protected])