CVE-2024-55628

Name of the Vulnerable Software and Affected Versions Suricata versions prior to 7.0.8

Description The issue is related to asymmetric resource consumption due to incorrect compression of DNS resource names when processing DNS messages. This can be exploited by a remote attacker to cause a denial of service. The problem arises when small DNS messages contain very large hostnames, which can be costly to decode and lead to very large DNS log records. Although limits are in place, they were too generous, allowing for potential exploitation.

Recommendations For Suricata versions prior to 7.0.8, update to version 7.0.8 to address the issue. As a temporary workaround, consider restricting the size of DNS messages or limiting the decoding of large hostnames to minimize the risk of exploitation.