Asymmetric Resource Consumption (Amplification) in Suricata - CVE-2024-55628
Published: January 10, 2025
Vulnerability identifier: #VU102515
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2024-55628
CWE-ID: CWE-405
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Open Information Security Foundation
Affected software:
Suricata
Suricata
Detailed vulnerability description
The vulnerability allow a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect handling of DNS resource name compression. A remote attacker can send small DNS messages containing very large hostnames and force the software to render very large DNS log records, leading to denial of service conditions.
How to mitigate CVE-2024-55628
Install updates from vendor's website.
Sources
- https://github.com/OISF/suricata/commit/19cf0f81335d9f787d587450f7105ad95a648951
- https://github.com/OISF/suricata/commit/37f4c52b22fcdde4adf9b479cb5700f89d00768d
- https://github.com/OISF/suricata/commit/3a5671739f5b25e5dd973a74ca5fd8ea40e1ae2d
- https://github.com/OISF/suricata/security/advisories/GHSA-96w4-jqwf-qx2j
- https://redmine.openinfosecfoundation.org/issues/7280