References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Change History

Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 and 7.0.14, specially crafted traffic can cause Suricata to consume large amounts of memory while parsing DNP3 traffic. This can lead to the process slowing down and running out of memory, potentially leading to it getting killed by the OOM killer. Versions 8.0.3 or 7.0.14 contain a patch. As a workaround, disable the DNP3 parser in the suricata yaml (disabled by default).

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400

CWE-770

https://github.com/OISF/suricata/commit/50cac2e2465ca211eabfa156623e585e9037bb7e

https://github.com/OISF/suricata/commit/63225d5f8ef64cc65164c0bb1800730842d54942

https://github.com/OISF/suricata/security/advisories/GHSA-878h-2x6v-84q9

https://redmine.openinfosecfoundation.org/issues/8181