CVE-2024-28870

Suricata: excessive resource use when parsing malformed SSH traffic

CVSS 7.5 HIGH · EPSS 0.6% · CWE-770

In short

Suricata, a network security tool, can crash or slow down when it receives specially crafted SSH messages with very long banners. An attacker can send these malformed messages to exhaust the computer's resources.

Technical detail

A vulnerability in Suricata's SSH banner parsing (CWE-770: Allocation of Resources Without Limits or Throttling) allows an attacker to send crafted SSH traffic with excessively long banners, causing high CPU consumption and excessive alert logging. The attack requires network access to the monitored port and can result in denial of service or performance degradation of the IDS/IPS.

Summary generated and translated by AI from the official description.
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine developed by the OISF and the Suricata community. When parsing an overly long SSH banner, Suricata can use excessive CPU resources, as well as cause excessive logging volume in alert records. This issue has been patched in versions 6.0.17 and 7.0.4.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected products
OISF · suricata
