Bug 2273282 (CVE-2024-28870)

Summary: CVE-2024-28870 suricata: excessive resource use in malformed ssh traffic parsing
Product: [Other] Security Response
Reporter: Robb Gatica <rgatica>
Component: vulnerability
Assignee: Product Security <prodsec-ir-bot>
Status: NEW
Severity: medium
Priority: medium
Version: unspecified
Keywords: Security
Hardware: All
OS: Linux
Fixed In Version: suricata 6.0.17, suricata 7.0.4
Bug Depends On: 2273283, 2273284    

Description Robb Gatica 2024-04-04 01:55:38 UTC
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine developed by the OISF and the Suricata community. When parsing an overly long SSH banner, Suricata can use excessive CPU resources, as well as cause excessive logging volume in alert records. This issue has been patched in versions 6.0.17 and 7.0.4.

https://github.com/OISF/suricata/security/advisories/GHSA-mhhx-xw7r-r5c8

Comment 1 Robb Gatica 2024-04-04 01:55:54 UTC
Created suricata tracking bugs for this issue:

Affects: epel-all [bug 2273283]
Affects: fedora-all [bug 2273284]