CVE-2024-55628: 
Suricata vulnerability analysis and mitigation

CVE-2024-55628 affects Suricata, a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. The vulnerability was discovered and disclosed on January 6, 2025, affecting versions prior to 7.0.8. The issue involves DNS resource name compression that can lead to small DNS messages containing very large hostnames (GitHub Advisory).

The vulnerability stems from DNS resource name compression mechanism that can result in small DNS messages containing disproportionately large hostnames. While limits were in place, they were deemed too generous. The issue has been assigned a CVSS v3.1 base score of 7.5 (HIGH) with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The vulnerability is classified under CWE-405 (Asymmetric Resource Consumption) and CWE-779 (Logging of Excessive Data) (NVD).

The vulnerability can lead to resource starvation as the decoding of compressed DNS messages becomes costly. Additionally, it can result in very large DNS log records that could potentially impact system performance and storage (GitHub Advisory).

The vulnerability has been patched in Suricata version 7.0.8. Users are advised to upgrade to this version or later to address the issue. The fix includes implementation of stricter limits on DNS resource name compression (GitHub Advisory).