CVE-2024-55628

CVE-2024-55628

Name

CVE-2024-55628

Description

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.8, DNS resource name compression can lead to small DNS messages containing very large hostnames which can be costly to decode, and lead to very large DNS log records. While there are limits in place, they were too generous. The issue has been addressed in Suricata 7.0.8.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
MISC	https://github.com/OISF/suricata/commit/19cf0f81335d9f787d587450f7105ad95a648951
MISC	https://github.com/OISF/suricata/commit/37f4c52b22fcdde4adf9b479cb5700f89d00768d
MISC	https://github.com/OISF/suricata/commit/3a5671739f5b25e5dd973a74ca5fd8ea40e1ae2d
CONFIRM	https://github.com/OISF/suricata/security/advisories/GHSA-96w4-jqwf-qx2j
MISC	https://redmine.openinfosecfoundation.org/issues/7280

Type

URI

MISC

https://github.com/OISF/suricata/commit/19cf0f81335d9f787d587450f7105ad95a648951

MISC

https://github.com/OISF/suricata/commit/37f4c52b22fcdde4adf9b479cb5700f89d00768d

MISC

https://github.com/OISF/suricata/commit/3a5671739f5b25e5dd973a74ca5fd8ea40e1ae2d

CONFIRM

https://github.com/OISF/suricata/security/advisories/GHSA-96w4-jqwf-qx2j

MISC

https://redmine.openinfosecfoundation.org/issues/7280

CPE URI	Source package	Min version	Max version
	suricata	>= 0	< 7.0.8
`cpe:2.3:a:oisf:suricata::::::::`	suricata	>= None	< 7.0.8

CPE URI

Source package

Min version

Max version

suricata

>= 0

< 7.0.8

cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*

suricata

>= None

< 7.0.8

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
suricata	edge-community	7.0.8-r0	Steve McMaster <code@mcmaster.io>	fixed
suricata	edge-community	7.0.7-r0	Steve McMaster <code@mcmaster.io>	possibly vulnerable
suricata	edge-community	7.0.6-r0	Steve McMaster <code@mcmaster.io>	possibly vulnerable
suricata	edge-community	6.0.4-r0	Steve McMaster <code@mcmaster.io>	possibly vulnerable
suricata	edge-community	6.0.3-r0	Steve McMaster <code@mcmaster.io>	possibly vulnerable
suricata	3.22-community	7.0.8-r0	Steve McMaster <code@mcmaster.io>	fixed
suricata	3.22-community	7.0.7-r0	None	possibly vulnerable
suricata	3.22-community	7.0.6-r0	None	possibly vulnerable
suricata	3.22-community	6.0.4-r0	None	possibly vulnerable
suricata	3.22-community	6.0.3-r0	None	possibly vulnerable
suricata	3.21-community	7.0.8-r0	Steve McMaster <code@mcmaster.io>	fixed

Source package

Branch

Version

Maintainer

Status

suricata

edge-community

7.0.8-r0

Steve McMaster <code@mcmaster.io>

fixed

suricata

edge-community