CVE-2024-55628

Description

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.8, DNS resource name compression can lead to small DNS messages containing very large hostnames which can be costly to decode, and lead to very large DNS log records. While there are limits in place, they were too generous. The issue has been addressed in Suricata 7.0.8.

CVSS v3.1 Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Weakness Type (CWE)

CWE-405 CWE-405

CWE-779 CWE-779

Affected Products

Vendor	Product	Versions
oisf	suricata	< 7.0.8

References

Advisories & Patches

https://github.com/OISF/suricata/commit/19cf0f81335d9f787d587450f7105ad95a648951 https://github.com/OISF/suricata/commit/37f4c52b22fcdde4adf9b479cb5700f89d00768d https://github.com/OISF/suricata/commit/3a5671739f5b25e5dd973a74ca5fd8ea40e1ae2d https://github.com/OISF/suricata/security/advisories/GHSA-96w4-jqwf-qx2j

Other References

https://redmine.openinfosecfoundation.org/issues/7280

Frequently Asked Questions

What is CVE-2024-55628? +

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.8, DNS resource name compression can lead to small DNS messages containing very large hostnames which can be costly to decode, and lead to very large DNS log records. While there are limits in place, they were too generous. The issue has been addressed in Suricata 7.0.8. It has a CVSS v3.1 base score of 7.5 (HIGH).

How severe is CVE-2024-55628? +

CVE-2024-55628 has a CVSS v3.1 score of 7.5 out of 10, rated HIGH. This is a high-severity vulnerability that should be prioritized for patching.

What products are affected by CVE-2024-55628? +

CVE-2024-55628 affects products from oisf, specifically: suricata. Check the affected products table above for specific version ranges.

How do I check if I'm vulnerable to CVE-2024-55628? +

You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2025-53633 9.8

Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. When decoding a scenario (i.e. a …

CVE-2024-56200 8.6

Altair is a fork of Misskey v12. Affected versions lack of request validation and lack of authentication in the image …

CVE-2025-42874 7.9

SAP NetWeaver remote service for Xcelsius allows an attacker with network access and high privileges to execute arbitrary code on …

CVE-2025-22166 7.5

This High severity DoS (Denial of Service) vulnerability was introduced in version 2.0 of Confluence Data Center. This DoS (Denial …

CVE-2024-34703 7.5

Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit …

CVE-2025-8677 7.5

Querying for records within a specially crafted zone containing certain malformed DNSKEY records can lead to CPU exhaustion. This issue …