Home > Vulnerability Database > CVE-2024-55628

Mend.io Vulnerability Database

CVE-2024-55628

Date: January 6, 2025

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.8, DNS resource name compression can lead to small DNS messages containing very large hostnames which can be costly to decode, and lead to very large DNS log records. While there are limits in place, they were too generous. The issue has been addressed in Suricata 7.0.8.

Severity Score

7.5

Related Resources (8)

Url: https://redmine.openinfosecfoundation.org/issues/7280

Url: https://github.com/OISF/suricata/security/advisories/GHSA-96w4-jqwf-qx2j

Url: https://github.com/OISF/suricata/commit/37f4c52b22fcdde4adf9b479cb5700f89d00768d

Url: https://github.com/OISF/suricata/commit/3a5671739f5b25e5dd973a74ca5fd8ea40e1ae2d

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-55628

Url: https://security-tracker.debian.org/tracker/CVE-2024-55628

Url: https://github.com/OISF/suricata/commit/19cf0f81335d9f787d587450f7105ad95a648951

Url: https://www.mend.io/vulnerability-database/CVE-2024-55628

Severity Score

7.5

Weakness Type (CWE)

Asymmetric Resource Consumption (Amplification)

CWE-405

Logging of Excessive Data

CWE-779

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-55628

Date: January 6, 2025

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?