Excessive CPU Usage and Logging in Suricata Due to SSH Banner Parsing
CVE-2024-28870

7.5HIGH

Key Information:

Vendor: Oisf
Status: Suricata
Vendor: CVE Published:; 3 April 2024

What is CVE-2024-28870?

Suricata, a network Intrusion Detection and Prevention System, experiences a vulnerability due to the way it handles excessively lengthy SSH banners. This can lead to substantial CPU resource usage, resulting in degraded performance and an increase in logging activity. Such conditions can overwhelm system resources, complicating the management of system alerts. The issue has been addressed in updated releases, specifically versions 6.0.17 and 7.0.4.

Affected Version(s)

suricata <= 6.0.16 <= 6.0.16

suricata >= 7.0.0, <= 7.0.3 <= 7.0.0, 7.0.3

References

https://github.com/OISF/suricata/security/advisories/GHSA...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 3, 2024

Oisf

What is CVE-2024-28870?

Affected Version(s)

References

CVSS V3.1

Timeline