Cyber Resilience

CVE-2024-55605

HighDDoS

Published: 06 January 2025

Published
06 January 2025
Modified
31 March 2025
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score 0.0063 45.5th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2024-55605 is a high-severity Uncontrolled Resource Consumption (CWE-400) vulnerability in Oisf Suricata. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Disable or Modify Tools (T1685); ranked at the 45.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-16 (Memory Protection).

Deeper analysis

CVE-2024-55605 is a stack overflow vulnerability in Suricata, an open-source network Intrusion Detection System (IDS), Intrusion Prevention System (IPS), and Network Security Monitoring (NSM) engine. The flaw affects versions prior to 7.0.8 and occurs when a large input buffer is processed by specific transform functions, including to_lowercase, to_uppercase, strip_whitespace, compress_whitespace, dotprefix, header_lowercase, strip_pseudo_headers, url_decode, or xor transform. This triggers uncontrolled resource consumption (CWE-400), leading to a crash. The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), rated as High severity due to its impact on availability.

Attackers can exploit this vulnerability remotely over the network with low complexity and no privileges or user interaction required. By sending crafted network traffic containing oversized inputs to the affected transform functions, an unauthenticated adversary can cause Suricata to crash, resulting in a denial-of-service condition that disrupts IDS/IPS/NSM operations.

The official GitHub security advisory (GHSA-x2hr-33vp-w289) and Open Information Security Foundation Redmine issue 7229 confirm the issue has been addressed in Suricata version 7.0.8. Security practitioners should upgrade to 7.0.8 or later to mitigate the vulnerability.

EU & UK References

Vulnerability details

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, a large input buffer to the to_lowercase, to_uppercase, strip_whitespace, compress_whitespace, dotprefix, header_lowercase, strip_pseudo_headers, url_decode, or xor transform can lead to a stack…

more

overflow causing Suricata to crash. The issue has been addressed in Suricata 7.0.8.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1685 Disable or Modify Tools Defense Impairment
Adversaries may disable, degrade, or tamper with security tools or applications (e.
Why these techniques?

Remote DoS crash of Suricata IDS/IPS directly enables impairing security tools via crafted network traffic.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-22258Same product: Oisf Suricata
CVE-2026-22259Same product: Oisf Suricata
CVE-2026-31937Same product: Oisf Suricata
CVE-2026-31935Same product: Oisf Suricata
CVE-2026-31933Same product: Oisf Suricata
CVE-2026-22262Same product: Oisf Suricata
CVE-2026-22264Same product: Oisf Suricata
CVE-2026-31934Same product: Oisf Suricata
CVE-2026-31932Same product: Oisf Suricata
CVE-2026-31931Same product: Oisf Suricata

Affected Assets

oisf
suricata
≤ 7.0.8

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

SI-2 requires timely flaw remediation, directly addressing the stack overflow vulnerability by mandating upgrades to Suricata 7.0.8 or later.

prevent

SC-5 implements denial-of-service protections that limit the effects of crafted oversized inputs causing Suricata crashes.

prevent

SI-16 enforces memory protections such as stack canaries and ASLR to mitigate stack overflow exploits in Suricata's transform functions.

References