Alpine: multiple suricata packages: security update to 7.0.8-r0

Severity: High. Tenable Self-Hosted Container Security, Plugin ID 427667

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security
Monitoring engine. Prior to 7.0.8, a large input buffer to the to_lowercase, to_uppercase,
strip_whitespace, compress_whitespace, dotprefix, header_lowercase, strip_pseudo_headers, url_decode, or
xor transform can lead to a stack overflow causing Suricata to crash. The issue has been addressed in
Suricata 7.0.8. (CVE-2024-55605)

- Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security
Monitoring engine. Prior to 7.0.8, a large BPF filter file provided to Suricata at startup can lead to a
buffer overflow at Suricata startup. The issue has been addressed in Suricata 7.0.8. (CVE-2024-55626)

- Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security
Monitoring engine. Prior to 7.0.8, a specially crafted TCP stream can lead to a very large buffer overflow
while being zero-filled during initialization with memset due to an unsigned integer underflow. The issue
has been addressed in Suricata 7.0.8. (CVE-2024-55627)

- Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security
Monitoring engine. Prior to version 7.0.8, DNS resource name compression can lead to small DNS messages
containing very large hostnames which can be costly to decode, and lead to very large DNS log records.
While there are limits in place, they were too generous. The issue has been addressed in Suricata 7.0.8.
(CVE-2024-55628)

- Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security
Monitoring engine. Prior to 7.0.8, TCP streams with TCP urgent data (out of band data) can lead to
Suricata analyzing data differently than the applications at the TCP endpoints, leading to possible
evasions. Suricata 7.0.8 includes options to allow users to configure how to handle TCP urgent data. In
IPS mode, you can use a rule such as drop tcp any any -> any any (sid:1; tcp.flags:U*;) to drop all the
packets with urgent flag set. (CVE-2024-55629)

See Also

https://security.alpinelinux.org/vuln/CVE-2024-55605

https://security.alpinelinux.org/vuln/CVE-2024-55626

https://security.alpinelinux.org/vuln/CVE-2024-55627

https://security.alpinelinux.org/vuln/CVE-2024-55628

https://security.alpinelinux.org/vuln/CVE-2024-55629

Plugin Details

Severity: High

ID: 427667

Version: Revision 1.6

Type: Local

Published: 5/16/2025

Updated: 6/1/2026

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Low

Score: 3

Percentile: 23.18

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:N

CVSS Score Source: CVE-2024-55629

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 1/6/2025

Reference Information

CVE: CVE-2024-55605, CVE-2024-55626, CVE-2024-55627, CVE-2024-55628, CVE-2024-55629

IAVB: 2025-B-0005-S