CVE-2024-55605
Published: 06 January 2025
Description
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, a large input buffer to the to_lowercase, to_uppercase, strip_whitespace, compress_whitespace, dotprefix, header_lowercase, strip_pseudo_headers, url_decode, or xor transform can lead to a stack overflow causing Suricata to crash. The issue has been addressed in Suricata 7.0.8.
Security Summary
CVE-2024-55605 is a stack overflow vulnerability in Suricata, an open-source network Intrusion Detection System (IDS), Intrusion Prevention System (IPS) and Network Security Monitoring (NSM) engine. The flaw affects versions prior to 7.0.8 and is triggered when a large input buffer is processed by one of the affected transforms: to_lowercase, to_uppercase, strip_whitespace, compress_whitespace, dotprefix, header_lowercase, strip_pseudo_headers, url_decode or xor. This results in uncontrolled resource consumption (CWE-400) and crashes the engine. The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), rated High severity because of its impact on availability.
Attackers can exploit this vulnerability remotely over the network with low complexity and no privileges or user interaction required. By sending crafted network traffic containing oversized inputs to the affected transform functions, an unauthenticated adversary can cause Suricata to crash, resulting in a denial-of-service condition that disrupts IDS/IPS/NSM operations.
The official GitHub security advisory (GHSA-x2hr-33vp-w289) and Open Information Security Foundation Redmine issue 7229 confirm the issue has been addressed in Suricata version 7.0.8. Security practitioners should upgrade to 7.0.8 or later to mitigate the vulnerability.
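A small exposure check for the upgrade guidance above, added here as an example and not part of the advisory or of the Suricata project: it parses the version line printed by `suricata -V` (the "This is Suricata version X.Y.Z ..." format is assumed from the upstream CLI; the sample line is constructed) and compares it numerically against the fixed release, so that 7.0.10 is correctly treated as newer than 7.0.8.

```python
import re
import subprocess

# From the advisory: the issue is addressed in Suricata 7.0.8, so anything
# below this tuple is treated as affected.
FIXED_VERSION = (7, 0, 8)

# Constructed sample of the line `suricata -V` prints (format is an assumption).
SAMPLE_OUTPUT = "This is Suricata version 7.0.7 RELEASE\n"

_VERSION_RE = re.compile(r"Suricata version (\d+)\.(\d+)\.(\d+)")


def parse_version(output: str):
    """Return (major, minor, patch) parsed from `suricata -V` output, or None."""
    m = _VERSION_RE.search(output)
    if m is None:
        return None
    return tuple(int(x) for x in m.groups())


def is_affected(version) -> bool:
    """True when the installed version predates the 7.0.8 fix.

    Tuple comparison is numeric per component, unlike a string compare,
    which would wrongly rank "7.0.10" below "7.0.8".
    """
    return tuple(version) < FIXED_VERSION


def check_installed(binary: str = "suricata"):
    """Run the local binary; return (version, affected) or None if unavailable."""
    try:
        proc = subprocess.run([binary, "-V"], capture_output=True, text=True, timeout=10)
    except (OSError, subprocess.SubprocessError):
        return None
    version = parse_version(proc.stdout)
    return None if version is None else (version, is_affected(version))


if __name__ == "__main__":
    v = parse_version(SAMPLE_OUTPUT)
    print(f"sample build {v}: affected={is_affected(v)}")
    print("installed build:", check_installed())
```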
Details
- CWE(s)