Suricata DNS Resource Name Compression Vulnerability Leading to Log Resource Starvation

Vulnerability

A vulnerability in Suricata's DNS handling prior to version 7.0.8 allows DNS resource name compression to create small DNS messages with excessively large hostnames. This can be expensive to decode and result in oversized DNS log entries. Although there are limits to prevent this, they were not stringent enough. The issue has been fixed in Suricata version 7.0.8.

Impact

The vulnerability can cause resource exhaustion by generating large DNS log records, which can be detrimental to systems with limited logging resources.

Reproduction

The vulnerability can be reproduced by sending DNS messages that utilize compression to create large hostnames, exceeding the normal length limits. This can be done by crafting DNS packets that compress pointers to long names, effectively creating a small packet with a large hostname that Suricata will decode and log.
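An added example, not Suricata's code: a small RFC 1035 name decoder that applies the kind of hard limits described above, capping the expanded length of a name at 255 octets and the number of compression pointers followed (the hop cap of 16 is an assumed value). A constructed helper builds a message in which each name is a 63-octet label plus a pointer to the previous name, so the decoder can be shown rejecting the name once its expansion passes the limit.

```python
# Bounded DNS name decompression (RFC 1035 4.1.4): constructed example, not Suricata code.
# Expanded-length and pointer-hop caps stop a small message from yielding a huge name.
MAX_NAME_LEN = 255       # RFC 1035 limit on a fully expanded name, in octets
MAX_POINTER_HOPS = 16    # assumed cap; legitimate names never chain this deep


class NameTooLong(ValueError):
    """Expanded name or pointer chain exceeded the configured cap."""


def decode_name(msg: bytes, offset: int) -> tuple[str, int]:
    """Return (dotted name, offset just after the name's first occurrence)."""
    labels, expanded, hops, end, pos = [], 0, 0, None, offset
    while True:
        if pos >= len(msg):
            raise ValueError("name runs past end of message")
        length = msg[pos]
        if length & 0xC0 == 0xC0:                      # compression pointer
            if pos + 1 >= len(msg):
                raise ValueError("truncated pointer")
            target = ((length & 0x3F) << 8) | msg[pos + 1]
            end = pos + 2 if end is None else end
            if target >= pos:                          # pointers must go backwards
                raise ValueError("forward/self pointer")
            hops += 1
            if hops > MAX_POINTER_HOPS:
                raise NameTooLong("pointer chain too deep")
            pos = target
            continue
        if length > 63:
            raise ValueError("label longer than 63 octets")
        expanded += length + 1                         # count as if written uncompressed
        if expanded > MAX_NAME_LEN:
            raise NameTooLong("expanded name exceeds 255 octets")
        if length == 0:                                # root label ends the name
            return (".".join(labels) or "."), (end if end is not None else pos + 1)
        labels.append(msg[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length


def build_chain_message(depth: int) -> tuple[bytes, int]:
    """Constructed test input: `depth` names, each a 63-octet label plus a pointer
    to the previous name, so each expands 64 octets larger than the one before.
    Returns the message (12-octet zeroed header) and the offset of the last name."""
    body, prev = bytearray(), None
    for _ in range(depth):
        off = 12 + len(body)
        body += bytes([63]) + b"a" * 63
        body += b"\x00" if prev is None else bytes([0xC0 | prev >> 8, prev & 0xFF])
        prev = off
    return bytes(12) + bytes(body), prev
```

With three chained names the last one still expands to 193 octets and decodes; with four it would reach 256 octets and is rejected before the decoder spends any further work on it.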

Remediation

Users can upgrade to Suricata version 7.0.8 or later to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 2.4
impact: 2.5
exploitability: 5.7
remediation: 7.7
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.