Suricata Unbounded Memory Growth Vulnerability in HTTP Decompression

Vulnerability

Suricata, the open-source network IDS, IPS and NSM engine, is affected in versions 8.0.0 up to but not including 8.0.2. Crafted compressed HTTP data can make the decompression output buffer grow without bound, so the engine keeps allocating memory until it is starved or killed, a denial of service against the sensor itself. The root cause is that the decompression code stored its output in a vector type that could expand indefinitely instead of enforcing a cap; the 8.0.2 release fixes this. Until an upgrade is possible, the workaround is to disable LZMA decompression or to set a finite response-body limit in suricata.yaml.

Impact

An attacker who can send compressed HTTP data along a monitored or inline path can drive Suricata's memory consumption up until the host swaps, the process is killed for running out of memory, or packet processing slows down. The result is degraded performance or an outage of the sensor, which means lost visibility in IDS mode and possible traffic disruption in inline IPS mode.

Remediation

Upgrade to Suricata 8.0.2. If an immediate upgrade is not possible, mitigate by disabling LZMA decompression (the libhtp `lzma-enabled` setting) and by setting a finite response-body limit (`response-body-limit`) in suricata.yaml, so that decompressed data cannot be buffered without bound.
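The two workarounds above expressed as suricata.yaml settings, as an added example that is not part of the advisory or of the Suricata project's own configuration. The key names (`app-layer.protocols.http.libhtp.default-config`, `lzma-enabled`, `response-body-limit`, `request-body-limit`) are the stock libhtp keys; the limit values and the choice to also cap request bodies are assumptions that you should adapt to your traffic.

```yaml
# Added example, not from the advisory or the Suricata project.
# Workaround settings for Suricata 8.0.0/8.0.1 hosts that cannot yet
# move to 8.0.2. Limit values below are assumptions.
app-layer:
  protocols:
    http:
      enabled: yes
      libhtp:
        default-config:
          personality: IDS

          # Weak setting (decompresses LZMA bodies):
          #   lzma-enabled: yes
          # Workaround 1 from the advisory: skip LZMA decompression entirely.
          lzma-enabled: no

          # Weak setting (0 means no limit, so nothing bounds the buffer):
          #   response-body-limit: 0
          # Workaround 2 from the advisory: a finite cap on the buffered
          # response body. 100kb matches the stock example config.
          response-body-limit: 100kb
          # Assumption: request bodies can be compressed as well, so keep
          # the request-side limit finite too.
          request-body-limit: 100kb

        # Assumption to verify on your build: entries under server-config
        # are separate libhtp configurations and do not inherit these
        # values, so repeat the same keys in each one you define.
        # server-config:
        #   - apache:
        #       address: [192.168.1.0/24]
        #       lzma-enabled: no
        #       response-body-limit: 100kb
        #       request-body-limit: 100kb
```

Validate the file before restarting with `suricata -T -c /etc/suricata/suricata.yaml`; `suricata --build-info` reports whether LZMA support was compiled into the binary at all, which tells you if the first workaround is even relevant on that host. Treat these settings as a stopgap: they reduce exposure, but only the 8.0.2 fix bounds the buffer in the decompression code itself.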

Added: Nov 26, 2025, 11:21 PM
Updated: Nov 26, 2025, 11:21 PM

Vulnerability Rating

Custom Algorithm
spread: 2.4
impact: 2.5
exploitability: 5.3
remediation: 8.3
relevance: 1.1
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.