CVE-2024-55605

Published: Jan 6, 2025Modified: Mar 31, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, a large input buffer to the to_lowercase, to_uppercase, strip_whitespace, compress_whitespace, dotprefix, header_lowercase, strip_pseudo_headers, url_decode, or xor transform can lead to a stack overflow causing Suricata to crash. The issue has been addressed in Suricata 7.0.8.

Affected (1)

Products: Oisf: Suricata

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Oisf Suricata	Before 7.0.8

Related CWEs

Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (2)

https://github.com/OISF/suricata/security/advisories/GHSA-x2hr-33vp-w289

Source: security-advisories@github.com

Vendor Advisory

https://redmine.openinfosecfoundation.org/issues/7229

Source: security-advisories@github.com

Permissions Required

Timeline

No history available yet.