dns: oversized resource names utilizing DNS name compression can lead to resource starvation
High
victorjulien published GHSA-96w4-jqwf-qx2j Jan 6, 2025
Package: suricata
Affected versions: < 7.0.8
Patched versions: 7.0.8
Description
Impact
DNS resource name compression allows a small DNS message to contain very large hostnames, which are costly to decode and produce very large DNS log records. While there are limits in place, they were too generous.
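The asymmetry described above, as an added Rust example (not Suricata's parser code): a compressed-name decoder that enforces a name-length cap and a pointer-jump cap. The 255-octet cap is the RFC 1035 limit; `MAX_JUMPS`, the function names and the sample message are constructed assumptions.

```rust
// Added example, not Suricata's code: bounded decoding of compressed DNS names
// (RFC 1035, section 4.1.4). MAX_JUMPS is an assumed value; 255 is the RFC limit.
const MAX_NAME_LEN: usize = 255;
const MAX_JUMPS: usize = 16;
fn decode_name(msg: &[u8], mut pos: usize, max_len: usize, max_jumps: usize) -> Result<String, &'static str> {
    let (mut name, mut jumps) = (String::new(), 0);
    loop {
        let len = *msg.get(pos).ok_or("truncated")? as usize;
        match len & 0xC0 {
            0x00 if len == 0 => return Ok(name), // root label ends the name
            0x00 => {
                let label = msg.get(pos + 1..pos + 1 + len).ok_or("truncated")?;
                // Check before copying, so an oversized name costs no further work.
                if name.len() + len + 1 > max_len { return Err("name too long"); }
                name.push_str(&String::from_utf8_lossy(label));
                name.push('.');
                pos += 1 + len;
            }
            0xC0 => { // compression pointer: 14-bit offset from the message start
                let lo = *msg.get(pos + 1).ok_or("truncated")? as usize;
                let target = ((len & 0x3F) << 8) | lo;
                jumps += 1;
                if jumps > max_jumps { return Err("too many compression pointers"); }
                if target >= pos { return Err("pointer does not point backwards"); }
                pos = target;
            }
            _ => return Err("reserved label type"),
        }
    }
}
// Constructed sample: `count` names, each a 63-byte label plus a pointer to the previous name.
fn chained_names(count: usize) -> (Vec<u8>, usize) {
    let (mut msg, mut last) = (vec![0u8], 0usize); // offset 0 holds the root name
    for _ in 0..count {
        let start = msg.len();
        msg.push(63);
        msg.extend_from_slice(&[b'a'; 63]);
        msg.extend_from_slice(&[0xC0 | (last >> 8) as u8, last as u8]);
        last = start;
    }
    (msg, last) // `last` is the offset of the final, longest name
}

fn main() {
    let (msg, last) = chained_names(8);
    let loose = decode_name(&msg, last, 4096, 64).unwrap();
    println!("{} wire bytes -> {} byte name", msg.len(), loose.len());
    println!("bounded: {:?}", decode_name(&msg, last, MAX_NAME_LEN, MAX_JUMPS));
}
```

Each name in the sample costs 66 bytes on the wire, but the k-th one expands to k labels, so decoding and logging every name grows quadratically unless the decoder stops at its cap.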
The product does not properly control situations in which an adversary can cause the product to consume or produce excessive resources without requiring the adversary to invest equivalent work or otherwise prove authorization, i.e., the adversary's influence is asymmetric.
The product logs too much information, making log files hard to process and possibly hindering recovery efforts or forensic analysis after an attack.
Patches
The issue has been addressed in Suricata 7.0.8.
References
https://redmine.openinfosecfoundation.org/issues/7280