Fluid Attacks Database

Description

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, a large input buffer to the to_lowercase, to_uppercase, strip_whitespace, compress_whitespace, dotprefix, header_lowercase, strip_pseudo_headers, url_decode, or xor transform can lead to a stack overflow causing Suricata to crash. The issue has been addressed in Suricata 7.0.8.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 14	suricata	>=0 <1:7.0.8-1	1:7.0.8-1
debian 11	suricata	=1:6.0.1-3 \|\| =1:6.0.1-3+deb11u1 \|\| =1:6.0.10-1 \|\| =1:6.0.10-1~bpo11+1 \|\| =1:6.0.13-1 \|\| =1:6.0.2-1~exp1 \|\| =1:6.0.3-1 \|\| =1:6.0.3-1~exp1 \|\| =1:6.0.3-1~exp2 \|\| =1:6.0.3-2 \|\| =1:6.0.3-2~bpo11+1 \|\| =1:6.0.4-1 \|\| =1:6.0.4-2 \|\| =1:6.0.4-2~bpo10+1 \|\| =1:6.0.4-2~bpo11+1 \|\| =1:6.0.4-3 \|\| =1:6.0.5-1 \|\| =1:6.0.5-2 \|\| =1:6.0.5-2~bpo10+1 \|\| =1:6.0.5-2~bpo11+1 \|\| =1:6.0.5-3 \|\| =1:6.0.6-1 \|\| =1:6.0.6-1~bpo10+1 \|\| =1:6.0.6-1~bpo11+1 \|\| =1:6.0.6-2 \|\| =1:6.0.8-1 \|\| =1:6.0.8-1~bpo11+1 \|\| =1:6.0.9-1 \|\| =1:6.0.9-1~bpo11+1 \|\| =1:7.0.0-1 \|\| =1:7.0.0-2 \|\| =1:7.0.0-2~bpo12+1 \|\| =1:7.0.1-1 \|\| =1:7.0.10-1 \|\| =1:7.0.10-1~bpo12+1 \|\| =1:7.0.11-1 \|\| =1:7.0.11-1~bpo13+1 \|\| =1:7.0.2-1 \|\| =1:7.0.2-1~bpo12+1 \|\| =1:7.0.2-2 \|\| =1:7.0.2-2~exp1 \|\| =1:7.0.2-2~exp2 \|\| =1:7.0.3-1 \|\| =1:7.0.3-1~bpo12+1 \|\| =1:7.0.4-1 \|\| =1:7.0.5-1 \|\| =1:7.0.5-2~bpo12+1 \|\| =1:7.0.6-1 \|\| =1:7.0.6-1~bpo12+1 \|\| =1:7.0.6-2~exp1 \|\| =1:7.0.7-1 \|\| =1:7.0.7-1~bpo12+1 \|\| =1:7.0.8-1 \|\| =1:7.0.8-1~bpo12+1 \|\| =1:7.0.8-2 \|\| =1:7.0.9-1 \|\| =1:8.0.0-1~exp1 \|\| =1:8.0.0-1~exp2 \|\| =1:8.0.0-1~exp4 \|\| =1:8.0.0-1~exp5 \|\| =1:8.0.1-1 \|\| =1:8.0.1-2 \|\| =1:8.0.1-3 \|\| =1:8.0.1-3~bpo13+1 \|\| =1:8.0.2-1 \|\| =1:8.0.2-1~bpo13+1 \|\| =1:8.0.3-1 \|\| =1:8.0.3-1~bpo13+1 \|\| =1:8.0.3-2~exp1 \|\| =1:8.0.4-1 \|\| =1:8.0.4-1~bpo13+1	-
debian 13	suricata	>=0 <1:7.0.8-1	1:7.0.8-1

Aliases

1. CVE-2024-556052. NVD-2024-556053. OSV-DEBIAN-2024-556054. OSV-2024-556055. SECURITY-TRACKER-CVE-2024-55605

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.