SB2025011002 - Multiple vulnerabilities in Suricata
Published: January 10, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 5 secuirty vulnerabilities.
1) Stack-based buffer overflow (CVE-ID: CVE-2024-55605)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in multiple transforms. A remote attacker can send very large packets to the application, trigger a stack-based buffer overflow and perform a denial of service (DoS) attack.
Below is the list of affected transforms:
- to_lowercase
- to_uppercase
- strip_whitespace
- compress_whitespace
- dotprefix
- header_lowercase
- strip_pseudo_headers
- url_decode
- xor
2) Buffer overflow (CVE-ID: CVE-2024-55626)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error when handling very large BPF filter file during startup. A remote attacker can trick the victim into providing a specially crafted BPF file to the application, trigger memory corruption and perform a denial of service (DoS) attack.
3) Integer underflow (CVE-ID: CVE-2024-55627)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an integer underflow in StreamingBufferSlideToOffsetWithRegions. A remote attacker can initiate a specially crafted TCP stream, trigger an integer underflow and perform a denial of service (DoS) attack.
4) Asymmetric Resource Consumption (Amplification) (CVE-ID: CVE-2024-55628)
The vulnerability allow a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect handling of DNS resource name compression. A remote attacker can send small DNS messages containing very large hostnames and force the software to render very large DNS log records, leading to denial of service conditions.
5) Input validation error (CVE-ID: CVE-2024-55629)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect handling of TCP streams with TCP urgent data (out of band data), which can lead to Suricata analyzing data differently than the applications at the TCP endpoints. A remote attacker can bypass generic detection when using TCP urgent support.
Remediation
Install update from vendor's website.
References
- https://github.com/OISF/suricata/security/advisories/GHSA-x2hr-33vp-w289
- https://redmine.openinfosecfoundation.org/issues/7229
- https://github.com/OISF/suricata/commit/dd71ef0af222a566e54dfc479dd1951dd17d7ceb
- https://github.com/OISF/suricata/security/advisories/GHSA-wmg4-jqx5-4h9v
- https://redmine.openinfosecfoundation.org/issues/7366
- https://github.com/OISF/suricata/commit/282509f70c4ce805098e59535af445362e3e9ebd
- https://github.com/OISF/suricata/commit/8900041405dbb5f9584edae994af2100733fb4be
- https://github.com/OISF/suricata/commit/9a53ec43b13f0039a083950511a18bf6f408e432
- https://github.com/OISF/suricata/security/advisories/GHSA-h2mv-7gg8-8x7v
- https://redmine.openinfosecfoundation.org/issues/7393
- https://github.com/OISF/suricata/commit/19cf0f81335d9f787d587450f7105ad95a648951
- https://github.com/OISF/suricata/commit/37f4c52b22fcdde4adf9b479cb5700f89d00768d
- https://github.com/OISF/suricata/commit/3a5671739f5b25e5dd973a74ca5fd8ea40e1ae2d
- https://github.com/OISF/suricata/security/advisories/GHSA-96w4-jqwf-qx2j
- https://redmine.openinfosecfoundation.org/issues/7280
- https://github.com/OISF/suricata/commit/6882bcb3e51bd3cf509fb6569cc30f48d7bb53d7
- https://github.com/OISF/suricata/commit/779f9d8ba35c3f9b5abfa327d3a4209861bd2eb8
- https://github.com/OISF/suricata/security/advisories/GHSA-69wr-vhwg-84h2
- https://redmine.openinfosecfoundation.org/issues/7411