CVE-2024-55628
Suricata oversized resource names utilizing DNS name compression can lead to resource starvation
In short
Suricata's DNS parser can be tricked, via DNS name compression, into expanding a tiny message into extremely large hostnames. Decoding those names is costly, and logging them produces oversized log records, so a remote sender can starve the sensor of CPU and memory and degrade or stop security monitoring.
Technical detail
A remote attacker can craft a small DNS message whose names use compression pointers that expand into very large hostnames. Before Suricata 7.0.8 the decoder's limits on this expansion were too generous, so decoding and logging such names could exhaust CPU and memory (denial of service against the sensor). No packet parsing on the attacker's side is needed beyond sending the message; the impact is availability only, which the CVSS vector below reflects.
Summary generated and translated by AI from the official description.
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.8, DNS resource name compression can lead to small DNS messages containing very large hostnames which can be costly to decode, and lead to very large DNS log records. While there are limits in place, they were too generous. The issue has been addressed in Suricata 7.0.8.
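The mechanism described in the technical detail and the official description above, as an added worked example that is not code from Suricata or from this advisory: a small RFC 1035 name decoder with configurable limits, and a constructed DNS message in which a chain of 63-byte labels linked by compression pointers is referenced by many 2-byte owner-name pointers. The message layout, the two limit profiles (GENEROUS and STRICT) and all numbers are constructed for the demonstration; Suricata's real parser, its pre-7.0.8 limits and its log format are not reproduced here.

```python
"""Added example (not Suricata code): DNS name compression amplification and
the decoder limits that bound it. Message and limit profiles are constructed."""
import struct

MAX_LABEL_LEN = 63  # RFC 1035 maximum label length

# Assumed limit profiles: GENEROUS has no bound on decoded length, only a large
# hop cap; STRICT uses the RFC 1035 255-octet name limit plus a small hop cap.
GENEROUS = dict(max_name_len=None, max_pointers=1024)
STRICT = dict(max_name_len=255, max_pointers=16)


class DnsNameError(ValueError):
    """Raised when a name is malformed or exceeds a decoding limit."""


def decode_name(msg, offset, max_name_len=255, max_pointers=16):
    """Decode the name at `offset`, following RFC 1035 compression pointers.

    Returns (name, end): `end` is the offset just past the name as it appears
    in the message (just past the first pointer, if one was followed).
    max_name_len bounds the uncompressed wire length of the decoded name;
    max_pointers bounds pointer hops. Pass None to disable either limit.
    """
    labels, wire_len, hops, end = [], 0, 0, None
    pos, segment_start = offset, offset
    while True:
        if pos >= len(msg):
            raise DnsNameError("name runs past end of message")
        length = msg[pos]
        if length & 0xC0 == 0xC0:  # two high bits set: 14-bit pointer
            if pos + 1 >= len(msg):
                raise DnsNameError("truncated pointer")
            target = ((length & 0x3F) << 8) | msg[pos + 1]
            # A pointer must reach a *prior* occurrence: insisting that it
            # lands before the segment currently being read guarantees that
            # targets strictly decrease, so loops and self-pointers are rejected.
            if target >= segment_start:
                raise DnsNameError("pointer does not reach a prior name")
            hops += 1
            if max_pointers is not None and hops > max_pointers:
                raise DnsNameError("too many compression pointers")
            if end is None:
                end = pos + 2
            pos = segment_start = target
            continue
        if length & 0xC0:
            raise DnsNameError("unsupported label type")
        if length == 0:  # root label terminates the name
            if end is None:
                end = pos + 1
            return ".".join(labels), end
        if pos + 1 + length > len(msg):
            raise DnsNameError("truncated label")
        wire_len += 1 + length
        if max_name_len is not None and wire_len + 1 > max_name_len:
            raise DnsNameError("decoded name exceeds %d octets" % max_name_len)
        labels.append(msg[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length


def build_message(chain_len, answer_count):
    """Constructed message: `chain_len` questions whose names each carry one
    63-byte label and then point at the previous question's name, followed by
    `answer_count` A records whose owner name is a 2-byte pointer to the last
    name in the chain. Returns (msg, chain_name_offsets, answer_name_offsets)."""
    header = struct.pack("!HHHHHH", 0x1234, 0x8180, chain_len, answer_count, 0, 0)
    body, chain_offsets, answer_offsets = bytearray(), [], []
    label = bytes([MAX_LABEL_LEN]) + b"a" * MAX_LABEL_LEN
    for i in range(chain_len):
        chain_offsets.append(len(header) + len(body))
        body += label
        body += b"\x00" if i == 0 else struct.pack("!H", 0xC000 | chain_offsets[i - 1])
        body += struct.pack("!HH", 1, 1)  # QTYPE A, QCLASS IN
    for _ in range(answer_count):
        answer_offsets.append(len(header) + len(body))
        body += struct.pack("!H", 0xC000 | chain_offsets[-1])  # owner name pointer
        body += struct.pack("!HHIH", 1, 1, 60, 4) + bytes([192, 0, 2, 1])
    return bytes(header + body), chain_offsets, answer_offsets


def total_decoded_bytes(msg, offsets, **limits):
    """Decode every name at `offsets` and return the total decoded text length,
    roughly what a logger would have to write for those records."""
    return sum(len(decode_name(msg, off, **limits)[0]) for off in offsets)


def rejects(msg, offset, **limits):
    """True if the decoder refuses the name at `offset` under `limits`."""
    try:
        decode_name(msg, offset, **limits)
        return False
    except DnsNameError:
        return True


if __name__ == "__main__":
    msg, chain, answers = build_message(40, 100)
    expanded = total_decoded_bytes(msg, answers, **GENEROUS)
    print(f"{len(msg)}-byte message -> {expanded} bytes of decoded owner names "
          f"({expanded / len(msg):.0f}x)")
    print("strict decoder rejects it:", rejects(msg, answers[0], **STRICT))
```

The point of the two profiles: a hop limit alone is not enough, because every hop can add another 63 octets, so a loose hop cap still lets a 2-byte pointer expand into thousands of characters per record. The uncompressed-length check is what bounds both the decoding work and the log volume, and the strictly-decreasing pointer-target rule is what makes termination independent of the hop cap.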
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected products
OISF · suricata
References
https://github.com/OISF/suricata/commit/19cf0f81335d9f787d587450f7105ad95a648951
https://github.com/OISF/suricata/commit/37f4c52b22fcdde4adf9b479cb5700f89d00768d
https://github.com/OISF/suricata/commit/3a5671739f5b25e5dd973a74ca5fd8ea40e1ae2d
https://github.com/OISF/suricata/security/advisories/GHSA-96w4-jqwf-qx2j
https://redmine.openinfosecfoundation.org/issues/7280