#VU102515 Asymmetric Resource Consumption (Amplification) in Suricata - CVE-2024-55628


Vulnerability identifier: #VU102515

Vulnerability risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-55628

CWE-ID: CWE-405

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Suricata
Server applications / IDS/IPS systems, Firewalls and proxy servers

Vendor: Open Information Security Foundation

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect handling of DNS resource name compression. A remote attacker can send small DNS messages containing very large hostnames and force the software to render very large DNS log records, leading to denial of service conditions.
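The expansion of compressed names described above can be bounded at parse time, before a name is handed to a logger. The following is an added example, not Suricata's code and not the vendor's fix: it decodes RFC 1035 compressed names while enforcing the 255-octet name limit. `MAX_HOPS`, the function names and the sample messages are assumptions constructed for illustration.

```python
"""Bounded RFC 1035 name decoding (added example, not Suricata code)."""
MAX_NAME = 255  # RFC 1035 limit on a domain name, in octets
MAX_HOPS = 16   # assumption: cap on compression-pointer jumps per name

class DNSNameError(ValueError):
    pass

def decode_name(msg: bytes, offset: int):
    """Return (name, offset after the name field) or raise DNSNameError."""
    labels, total, hops, end, pos = [], 1, 0, None, offset  # total includes root octet
    while True:
        if pos >= len(msg):
            raise DNSNameError("name runs past end of message")
        length = msg[pos]
        if length & 0xC0 == 0xC0:  # two-octet compression pointer
            if pos + 1 >= len(msg):
                raise DNSNameError("truncated pointer")
            target = ((length & 0x3F) << 8) | msg[pos + 1]
            end = pos + 2 if end is None else end  # field ends after first pointer
            hops += 1
            if hops > MAX_HOPS or target >= pos:
                raise DNSNameError("pointer loop or forward pointer")
            pos = target
        elif length & 0xC0:
            raise DNSNameError("reserved label type")
        elif length == 0:
            return ".".join(labels) or ".", (pos + 1 if end is None else end)
        else:
            total += 1 + length
            if total > MAX_NAME:  # refuse before the oversized name reaches a logger
                raise DNSNameError("expanded name exceeds 255 octets")
            if pos + 1 + length > len(msg):
                raise DNSNameError("label runs past end of message")
            labels.append(msg[pos + 1:pos + 1 + length].decode("ascii", "backslashreplace"))
            pos += 1 + length

def wire(*parts: bytes) -> bytes:
    """Encode labels as length-prefixed octets (no terminator)."""
    return b"".join(bytes([len(p)]) + p for p in parts)

HEADER = bytes(12)  # constructed: zeroed DNS header, names start at offset 12
# Constructed: "www.example.com" at 12, then "mail" + pointer to offset 16
OK_MSG = HEADER + wire(b"www", b"example", b"com") + b"\x00" + wire(b"mail") + b"\xc0\x10"
# Constructed: a 193-octet name at 12, then two more labels + pointer back to 12
BIG = b"a" * 63
LONG_MSG = HEADER + wire(BIG, BIG, BIG) + b"\x00" + wire(BIG, BIG) + b"\xc0\x0c"
LOOP_MSG = HEADER + b"\xc0\x0c"  # constructed: pointer that targets itself
```

The second name in `LONG_MSG` occupies 130 octets on the wire but would expand past the 255-octet limit, so the decoder rejects it instead of returning it.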

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Suricata: 7.0.0 - 7.0.7


External links
https://github.com/OISF/suricata/commit/19cf0f81335d9f787d587450f7105ad95a648951
https://github.com/OISF/suricata/commit/37f4c52b22fcdde4adf9b479cb5700f89d00768d
https://github.com/OISF/suricata/commit/3a5671739f5b25e5dd973a74ca5fd8ea40e1ae2d
https://github.com/OISF/suricata/security/advisories/GHSA-96w4-jqwf-qx2j
https://redmine.openinfosecfoundation.org/issues/7280


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

