CVE-2024-55628

HIGH EPSS 47.3%
Published Jan 6, 20251y ago · Modified Jun 17, 20262w ago
7.5 CVSS 3.1
High
Find Similar
Published Jan 6, 2025 1y ago
Last Modified Jun 17, 2026 2w ago

Description

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.8, DNS resource name compression can lead to small DNS messages containing very large hostnames which can be costly to decode, and lead to very large DNS log records. While there are limits in place, they were too generous. The issue has been addressed in Suricata 7.0.8.

CVSS Details

Base Score
7.5
Exploitability
3.9
Impact
3.6
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
47.3% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 2

CWE-405
CWE-779

Affected Products 1

VendorProductVersionRange
oisfsuricata* <7.0.8

References 5

  • github.com https://github.com/OISF/suricata/commit/19cf0f81335d9f787d587450f7105ad95a648951
    Patch
  • github.com https://github.com/OISF/suricata/commit/37f4c52b22fcdde4adf9b479cb5700f89d00768d
    Patch
  • github.com https://github.com/OISF/suricata/commit/3a5671739f5b25e5dd973a74ca5fd8ea40e1ae2d
    Patch
  • github.com https://github.com/OISF/suricata/security/advisories/GHSA-96w4-jqwf-qx2j
    Vendor Advisory
  • redmine.openinfosecfoundation.org https://redmine.openinfosecfoundation.org/issues/7280
    Permissions Required

Remediation

  • github.com https://github.com/OISF/suricata/commit/19cf0f81335d9f787d587450f7105ad95a648951
    Patch
  • github.com https://github.com/OISF/suricata/commit/37f4c52b22fcdde4adf9b479cb5700f89d00768d
    Patch
  • github.com https://github.com/OISF/suricata/commit/3a5671739f5b25e5dd973a74ca5fd8ea40e1ae2d
    Patch