#VU102515 Asymmetric Resource Consumption (Amplification) in Suricata - CVE-2024-55628
Published: January 10, 2025
Vulnerability identifier: #VU102515
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2024-55628
CWE-ID: CWE-405
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Suricata
Suricata
Software vendor:
Open Information Security Foundation
Open Information Security Foundation
Description
The vulnerability allow a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect handling of DNS resource name compression. A remote attacker can send small DNS messages containing very large hostnames and force the software to render very large DNS log records, leading to denial of service conditions.
Remediation
Install updates from vendor's website.
External links
- https://github.com/OISF/suricata/commit/19cf0f81335d9f787d587450f7105ad95a648951
- https://github.com/OISF/suricata/commit/37f4c52b22fcdde4adf9b479cb5700f89d00768d
- https://github.com/OISF/suricata/commit/3a5671739f5b25e5dd973a74ca5fd8ea40e1ae2d
- https://github.com/OISF/suricata/security/advisories/GHSA-96w4-jqwf-qx2j
- https://redmine.openinfosecfoundation.org/issues/7280