CVE-2024-55605: 
Suricata vulnerability analysis and mitigation

CVE-2024-55605 affects Suricata, a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. The vulnerability was discovered in versions prior to 7.0.8, where a large input buffer to various transform functions can lead to a stack overflow condition. The issue was disclosed on January 6, 2025, and has been patched in Suricata version 7.0.8 (NVD, GitHub Advisory).

The vulnerability affects multiple transform functions including to_lowercase, to_uppercase, strip_whitespace, compress_whitespace, dotprefix, header_lowercase, strip_pseudo_headers, url_decode, and xor. When these functions receive a large input buffer, they can trigger a stack overflow condition. The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (High) with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, indicating it can be exploited remotely with low attack complexity and requires no privileges or user interaction (GitHub Advisory).

The primary impact of this vulnerability is on system availability. When successfully exploited, it can cause Suricata to crash through a stack overflow condition. The CVSS metrics indicate no impact on confidentiality or integrity, but a high impact on availability (GitHub Advisory).

The primary mitigation is to upgrade to Suricata version 7.0.8 or later, which contains the fix for this vulnerability. For users who cannot immediately upgrade, it is recommended to avoid using the affected transforms on file.data sticky buffer (GitHub Advisory).