CVE-2024-55627: 
Suricata vulnerability analysis and mitigation

Suricata, a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine, was found to contain a critical vulnerability prior to version 7.0.8. The vulnerability was discovered and disclosed on January 6, 2025, affecting all versions before 7.0.8. The issue involves a buffer overflow vulnerability that can be triggered by specially crafted TCP streams (NVD, GHSA).

The vulnerability stems from an unsigned integer underflow condition that can lead to a very large buffer overflow during initialization when using memset. The issue occurs in the streaming buffer functionality when processing TCP streams. The vulnerability has been assigned a CVSS v3.1 base score of 5.9 (Medium) with the vector string CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H. The weakness has been categorized under CWE-122 (Heap-based Buffer Overflow) and CWE-191 (Integer Underflow) (GHSA).

The vulnerability can lead to a very large buffer overflow condition, potentially causing system crashes and denial of service. The CVSS scoring indicates that while there is no direct impact on confidentiality or integrity, there is a high impact on system availability (GHSA).

The vulnerability has been fixed in Suricata version 7.0.8. Users are advised to upgrade to this version to address the security issue. The fix includes additional safety checks in the streaming buffer functionality to prevent unsigned integer underflows (GHSA, CERT-FR).