Vulnerabilites related to OISF - suricata
CVE-2024-55605 (GCVE-0-2024-55605)
Vulnerability from cvelistv5
Published
2025-01-06 17:07
Modified
2025-01-06 17:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-400 - Uncontrolled Resource Consumption
Summary
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, a large input buffer to the to_lowercase, to_uppercase, strip_whitespace, compress_whitespace, dotprefix, header_lowercase, strip_pseudo_headers, url_decode, or xor transform can lead to a stack overflow causing Suricata to crash. The issue has been addressed in Suricata 7.0.8.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-55605",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-06T17:20:58.873556Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-06T17:22:20.313Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "suricata",
"vendor": "OISF",
"versions": [
{
"status": "affected",
"version": "\u003c 7.0.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, a large input buffer to the to_lowercase, to_uppercase, strip_whitespace, compress_whitespace, dotprefix, header_lowercase, strip_pseudo_headers, url_decode, or xor transform can lead to a stack overflow causing Suricata to crash. The issue has been addressed in Suricata 7.0.8."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-06T17:07:18.849Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/OISF/suricata/security/advisories/GHSA-x2hr-33vp-w289",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OISF/suricata/security/advisories/GHSA-x2hr-33vp-w289"
},
{
"name": "https://redmine.openinfosecfoundation.org/issues/7229",
"tags": [
"x_refsource_MISC"
],
"url": "https://redmine.openinfosecfoundation.org/issues/7229"
}
],
"source": {
"advisory": "GHSA-x2hr-33vp-w289",
"discovery": "UNKNOWN"
},
"title": "Suricata allows stack overflow in transforms"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-55605",
"datePublished": "2025-01-06T17:07:18.849Z",
"dateReserved": "2024-12-09T14:22:52.524Z",
"dateUpdated": "2025-01-06T17:22:20.313Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-24568 (GCVE-0-2024-24568)
Vulnerability from cvelistv5
Published
2024-02-26 15:54
Modified
2025-02-13 17:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-284 - Improper Access Control
Summary
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.3, the rules inspecting HTTP2 headers can get bypassed by crafted traffic. The vulnerability has been patched in 7.0.3.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:19:52.827Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/OISF/suricata/security/advisories/GHSA-gv29-5hqw-5h8c",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/OISF/suricata/security/advisories/GHSA-gv29-5hqw-5h8c"
},
{
"name": "https://github.com/OISF/suricata/commit/478a2a38f54e2ae235f8486bff87d7d66b6307f0",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OISF/suricata/commit/478a2a38f54e2ae235f8486bff87d7d66b6307f0"
},
{
"name": "https://redmine.openinfosecfoundation.org/issues/6717",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://redmine.openinfosecfoundation.org/issues/6717"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GOCOBFUTIFHOP2PZOH4ENRFXRBHIRKK4/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXJIT7R53ZXROO3I256RFUWTIW4ECK6P/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "suricata",
"vendor": "oisf",
"versions": [
{
"lessThan": "7.0.3",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fedora",
"vendor": "fedoraproject",
"versions": [
{
"status": "affected",
"version": "38"
}
]
},
{
"cpes": [
"cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fedora",
"vendor": "fedoraproject",
"versions": [
{
"status": "affected",
"version": "39"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-24568",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-07T20:18:31.069822Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-26T14:36:16.968Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "suricata",
"vendor": "OISF",
"versions": [
{
"status": "affected",
"version": "\u003e= 7.0.0, \u003c 7.0.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.3, the rules inspecting HTTP2 headers can get bypassed by crafted traffic. The vulnerability has been patched in 7.0.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-07T02:13:12.995Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/OISF/suricata/security/advisories/GHSA-gv29-5hqw-5h8c",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OISF/suricata/security/advisories/GHSA-gv29-5hqw-5h8c"
},
{
"name": "https://github.com/OISF/suricata/commit/478a2a38f54e2ae235f8486bff87d7d66b6307f0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OISF/suricata/commit/478a2a38f54e2ae235f8486bff87d7d66b6307f0"
},
{
"name": "https://redmine.openinfosecfoundation.org/issues/6717",
"tags": [
"x_refsource_MISC"
],
"url": "https://redmine.openinfosecfoundation.org/issues/6717"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GOCOBFUTIFHOP2PZOH4ENRFXRBHIRKK4/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXJIT7R53ZXROO3I256RFUWTIW4ECK6P/"
}
],
"source": {
"advisory": "GHSA-gv29-5hqw-5h8c",
"discovery": "UNKNOWN"
},
"title": "Suricata http2: header handling evasion"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-24568",
"datePublished": "2024-02-26T15:54:52.314Z",
"dateReserved": "2024-01-25T15:09:40.210Z",
"dateUpdated": "2025-02-13T17:40:11.287Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-55627 (GCVE-0-2024-55627)
Vulnerability from cvelistv5
Published
2025-01-06 17:50
Modified
2025-01-06 19:15
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, a specially crafted TCP stream can lead to a very large buffer overflow while being zero-filled during initialization with memset due to an unsigned integer underflow. The issue has been addressed in Suricata 7.0.8.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-55627",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-06T19:15:00.575209Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-06T19:15:13.448Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "suricata",
"vendor": "OISF",
"versions": [
{
"status": "affected",
"version": "\u003c 7.0.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, a specially crafted TCP stream can lead to a very large buffer overflow while being zero-filled during initialization with memset due to an unsigned integer underflow. The issue has been addressed in Suricata 7.0.8."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-191",
"description": "CWE-191: Integer Underflow (Wrap or Wraparound)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-06T17:50:41.554Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/OISF/suricata/security/advisories/GHSA-h2mv-7gg8-8x7v",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OISF/suricata/security/advisories/GHSA-h2mv-7gg8-8x7v"
},
{
"name": "https://github.com/OISF/suricata/commit/282509f70c4ce805098e59535af445362e3e9ebd",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OISF/suricata/commit/282509f70c4ce805098e59535af445362e3e9ebd"
},
{
"name": "https://github.com/OISF/suricata/commit/8900041405dbb5f9584edae994af2100733fb4be",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OISF/suricata/commit/8900041405dbb5f9584edae994af2100733fb4be"
},
{
"name": "https://github.com/OISF/suricata/commit/9a53ec43b13f0039a083950511a18bf6f408e432",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OISF/suricata/commit/9a53ec43b13f0039a083950511a18bf6f408e432"
},
{
"name": "https://redmine.openinfosecfoundation.org/issues/7393",
"tags": [
"x_refsource_MISC"
],
"url": "https://redmine.openinfosecfoundation.org/issues/7393"
}
],
"source": {
"advisory": "GHSA-h2mv-7gg8-8x7v",
"discovery": "UNKNOWN"
},
"title": "Suricata segfault on StreamingBufferSlideToOffsetWithRegions"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-55627",
"datePublished": "2025-01-06T17:50:41.554Z",
"dateReserved": "2024-12-09T17:48:05.556Z",
"dateUpdated": "2025-01-06T19:15:13.448Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-32867 (GCVE-0-2024-32867)
Vulnerability from cvelistv5
Published
2024-05-07 15:06
Modified
2024-08-02 02:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
Summary
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, various problems in handling of fragmentation anomalies can lead to mis-detection of rules and policy. This vulnerability is fixed in 7.0.5 or 6.0.19.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:oisf:suricata:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "suricata",
"vendor": "oisf",
"versions": [
{
"status": "affected",
"version": "\u003e= 6.0.0, \u003c= 6.0.18, \u003e= 7.0.0, \u003c= 7.0.4"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-32867",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-07T18:45:46.899664Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:49:44.752Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:20:35.604Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/OISF/suricata/security/advisories/GHSA-xvrx-88mv-xcq5",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/OISF/suricata/security/advisories/GHSA-xvrx-88mv-xcq5"
},
{
"name": "https://github.com/OISF/suricata/commit/1e110d0a71db46571040b937e17a4bc9f91d6de9",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OISF/suricata/commit/1e110d0a71db46571040b937e17a4bc9f91d6de9"
},
{
"name": "https://github.com/OISF/suricata/commit/2f39ba75f153ba9bdf8eedc2a839cc973dbaea66",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OISF/suricata/commit/2f39ba75f153ba9bdf8eedc2a839cc973dbaea66"
},
{
"name": "https://github.com/OISF/suricata/commit/414f97c6695c5a2e1d378a36a6f50d7288767634",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OISF/suricata/commit/414f97c6695c5a2e1d378a36a6f50d7288767634"
},
{
"name": "https://github.com/OISF/suricata/commit/bf3d420fb709ebe074019a99e3bd3a2364524a4b",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OISF/suricata/commit/bf3d420fb709ebe074019a99e3bd3a2364524a4b"
},
{
"name": "https://github.com/OISF/suricata/commit/d13bd2ae217a6d2ceb347f74d27cbfcd37b9bda9",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OISF/suricata/commit/d13bd2ae217a6d2ceb347f74d27cbfcd37b9bda9"
},
{
"name": "https://github.com/OISF/suricata/commit/e6267758ed5da27f804f0c1c07f9423bdf4d72b8",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OISF/suricata/commit/e6267758ed5da27f804f0c1c07f9423bdf4d72b8"
},
{
"name": "https://redmine.openinfosecfoundation.org/issues/6672",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://redmine.openinfosecfoundation.org/issues/6672"
},
{
"name": "https://redmine.openinfosecfoundation.org/issues/6673",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://redmine.openinfosecfoundation.org/issues/6673"
},
{
"name": "https://redmine.openinfosecfoundation.org/issues/6677",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://redmine.openinfosecfoundation.org/issues/6677"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "suricata",
"vendor": "OISF",
"versions": [
{
"status": "affected",
"version": "\u003e= 6.0.0, \u003c= 6.0.18"
},
{
"status": "affected",
"version": "\u003e= 7.0.0, \u003c= 7.0.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, various problems in handling of fragmentation anomalies can lead to mis-detection of rules and policy. This vulnerability is fixed in 7.0.5 or 6.0.19."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-07T15:06:58.326Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/OISF/suricata/security/advisories/GHSA-xvrx-88mv-xcq5",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OISF/suricata/security/advisories/GHSA-xvrx-88mv-xcq5"
},
{
"name": "https://github.com/OISF/suricata/commit/1e110d0a71db46571040b937e17a4bc9f91d6de9",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OISF/suricata/commit/1e110d0a71db46571040b937e17a4bc9f91d6de9"
},
{
"name": "https://github.com/OISF/suricata/commit/2f39ba75f153ba9bdf8eedc2a839cc973dbaea66",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OISF/suricata/commit/2f39ba75f153ba9bdf8eedc2a839cc973dbaea66"
},
{
"name": "https://github.com/OISF/suricata/commit/414f97c6695c5a2e1d378a36a6f50d7288767634",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OISF/suricata/commit/414f97c6695c5a2e1d378a36a6f50d7288767634"
},
{
"name": "https://github.com/OISF/suricata/commit/bf3d420fb709ebe074019a99e3bd3a2364524a4b",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OISF/suricata/commit/bf3d420fb709ebe074019a99e3bd3a2364524a4b"
},
{
"name": "https://github.com/OISF/suricata/commit/d13bd2ae217a6d2ceb347f74d27cbfcd37b9bda9",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OISF/suricata/commit/d13bd2ae217a6d2ceb347f74d27cbfcd37b9bda9"
},
{
"name": "https://github.com/OISF/suricata/commit/e6267758ed5da27f804f0c1c07f9423bdf4d72b8",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OISF/suricata/commit/e6267758ed5da27f804f0c1c07f9423bdf4d72b8"
},
{
"name": "https://redmine.openinfosecfoundation.org/issues/6672",
"tags": [
"x_refsource_MISC"
],
"url": "https://redmine.openinfosecfoundation.org/issues/6672"
},
{
"name": "https://redmine.openinfosecfoundation.org/issues/6673",
"tags": [
"x_refsource_MISC"
],
"url": "https://redmine.openinfosecfoundation.org/issues/6673"
},
{
"name": "https://redmine.openinfosecfoundation.org/issues/6677",
"tags": [
"x_refsource_MISC"
],
"url": "https://redmine.openinfosecfoundation.org/issues/6677"
}
],
"source": {
"advisory": "GHSA-xvrx-88mv-xcq5",
"discovery": "UNKNOWN"
},
"title": "Suricata\u0027s defrag contains various issues leading to policy bypass"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-32867",
"datePublished": "2024-05-07T15:06:58.326Z",
"dateReserved": "2024-04-19T14:07:11.228Z",
"dateUpdated": "2024-08-02T02:20:35.604Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38535 (GCVE-0-2024-38535)
Vulnerability from cvelistv5
Published
2024-07-11 14:50
Modified
2024-08-02 04:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Summary
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Suricata can run out of memory when parsing crafted HTTP/2 traffic. Upgrade to 6.0.20 or 7.0.6.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "suricata",
"vendor": "oisf",
"versions": [
{
"lessThan": "6.0.20",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "7.0.6",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38535",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-11T15:02:37.781270Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T18:08:53.690Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:25.626Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/OISF/suricata/security/advisories/GHSA-cg8j-7mwm-v563",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/OISF/suricata/security/advisories/GHSA-cg8j-7mwm-v563"
},
{
"name": "https://github.com/OISF/suricata/commit/62d5cac1b8483d5f9d2b79833a4e59f5d80129b7",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OISF/suricata/commit/62d5cac1b8483d5f9d2b79833a4e59f5d80129b7"
},
{
"name": "https://github.com/OISF/suricata/commit/c82fa5ca0d1ce0bd8f936e0b860707a6571373b2",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OISF/suricata/commit/c82fa5ca0d1ce0bd8f936e0b860707a6571373b2"
},
{
"name": "https://redmine.openinfosecfoundation.org/issues/7104",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://redmine.openinfosecfoundation.org/issues/7104"
},
{
"name": "https://redmine.openinfosecfoundation.org/issues/7105",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://redmine.openinfosecfoundation.org/issues/7105"
},
{
"name": "https://redmine.openinfosecfoundation.org/issues/7112",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://redmine.openinfosecfoundation.org/issues/7112"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "suricata",
"vendor": "OISF",
"versions": [
{
"status": "affected",
"version": "\u003c 6.0.20"
},
{
"status": "affected",
"version": "\u003e= 7.0.0, \u003c 7.0.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Suricata can run out of memory when parsing crafted HTTP/2 traffic. Upgrade to 6.0.20 or 7.0.6."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770: Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T14:50:24.147Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/OISF/suricata/security/advisories/GHSA-cg8j-7mwm-v563",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OISF/suricata/security/advisories/GHSA-cg8j-7mwm-v563"
},
{
"name": "https://github.com/OISF/suricata/commit/62d5cac1b8483d5f9d2b79833a4e59f5d80129b7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OISF/suricata/commit/62d5cac1b8483d5f9d2b79833a4e59f5d80129b7"
},
{
"name": "https://github.com/OISF/suricata/commit/c82fa5ca0d1ce0bd8f936e0b860707a6571373b2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OISF/suricata/commit/c82fa5ca0d1ce0bd8f936e0b860707a6571373b2"
},
{
"name": "https://redmine.openinfosecfoundation.org/issues/7104",
"tags": [
"x_refsource_MISC"
],
"url": "https://redmine.openinfosecfoundation.org/issues/7104"
},
{
"name": "https://redmine.openinfosecfoundation.org/issues/7105",
"tags": [
"x_refsource_MISC"
],
"url": "https://redmine.openinfosecfoundation.org/issues/7105"
},
{
"name": "https://redmine.openinfosecfoundation.org/issues/7112",
"tags": [
"x_refsource_MISC"
],
"url": "https://redmine.openinfosecfoundation.org/issues/7112"
}
],
"source": {
"advisory": "GHSA-cg8j-7mwm-v563",
"discovery": "UNKNOWN"
},
"title": "Suricata http2: oom from duplicate headers"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-38535",
"datePublished": "2024-07-11T14:50:24.147Z",
"dateReserved": "2024-06-18T16:37:02.729Z",
"dateUpdated": "2024-08-02T04:12:25.626Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47187 (GCVE-0-2024-47187)
Vulnerability from cvelistv5
Published
2024-10-16 18:50
Modified
2024-10-16 19:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-330 - Use of Insufficiently Random Values
Summary
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, missing initialization of the random seed for "thash" leads to datasets having predictable hash table behavior. This can lead to dataset file loading to use excessive time to load, as well as runtime performance issues during traffic handling. This issue has been addressed in 7.0.7. As a workaround, avoid loading datasets from untrusted sources. Avoid dataset rules that track traffic in rules.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47187",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-16T19:39:21.481679Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-16T19:40:34.303Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "suricata",
"vendor": "OISF",
"versions": [
{
"status": "affected",
"version": "\u003c 7.0.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, missing initialization of the random seed for \"thash\" leads to datasets having predictable hash table behavior. This can lead to dataset file loading to use excessive time to load, as well as runtime performance issues during traffic handling. This issue has been addressed in 7.0.7. As a workaround, avoid loading datasets from untrusted sources. Avoid dataset rules that track traffic in rules."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-330",
"description": "CWE-330: Use of Insufficiently Random Values",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-16T18:50:53.726Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/OISF/suricata/security/advisories/GHSA-64ww-4f6x-863p",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OISF/suricata/security/advisories/GHSA-64ww-4f6x-863p"
},
{
"name": "https://redmine.openinfosecfoundation.org/issues/7209",
"tags": [
"x_refsource_MISC"
],
"url": "https://redmine.openinfosecfoundation.org/issues/7209"
}
],
"source": {
"advisory": "GHSA-64ww-4f6x-863p",
"discovery": "UNKNOWN"
},
"title": "Suricata datasets: missing hashtable random seed leads to potential DoS"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-47187",
"datePublished": "2024-10-16T18:50:53.726Z",
"dateReserved": "2024-09-19T22:32:11.963Z",
"dateUpdated": "2024-10-16T19:40:34.303Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-29917 (GCVE-0-2025-29917)
Vulnerability from cvelistv5
Published
2025-04-10 21:00
Modified
2025-04-11 16:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Summary
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. The bytes setting in the decode_base64 keyword is not properly limited. Due to this, signatures using the keyword and setting can cause large memory allocations of up to 4 GiB per thread. This vulnerability is fixed in 7.0.9.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-29917",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-11T15:56:27.328359Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-11T16:03:53.438Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "suricata",
"vendor": "OISF",
"versions": [
{
"status": "affected",
"version": "\u003c 7.0.9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. The bytes setting in the decode_base64 keyword is not properly limited. Due to this, signatures using the keyword and setting can cause large memory allocations of up to 4 GiB per thread. This vulnerability is fixed in 7.0.9."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770: Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-10T21:00:05.924Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/OISF/suricata/security/advisories/GHSA-x8c9-8553-j9px",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OISF/suricata/security/advisories/GHSA-x8c9-8553-j9px"
},
{
"name": "https://github.com/OISF/suricata/commit/32d0bd2bbb4d486623dec85a94952fde2515f2f0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OISF/suricata/commit/32d0bd2bbb4d486623dec85a94952fde2515f2f0"
},
{
"name": "https://redmine.openinfosecfoundation.org/issues/7613",
"tags": [
"x_refsource_MISC"
],
"url": "https://redmine.openinfosecfoundation.org/issues/7613"
}
],
"source": {
"advisory": "GHSA-x8c9-8553-j9px",
"discovery": "UNKNOWN"
},
"title": "Suricata decode_base64: signature can do large memory allocation"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-29917",
"datePublished": "2025-04-10T21:00:05.924Z",
"dateReserved": "2025-03-12T13:42:22.135Z",
"dateUpdated": "2025-04-11T16:03:53.438Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-59150 (GCVE-0-2025-59150)
Vulnerability from cvelistv5
Published
2025-10-01 20:23
Modified
2025-10-23 13:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-476 - NULL Pointer Dereference
Summary
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Version 8.0.0's usage of the tls.subjectaltname keyword can lead to a segmentation fault when the decoded subjectaltname contains a NULL byte. This issue is fixed in version 8.0.1. To workaround this issue, disable rules using the tls.subjectaltname keyword.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59150",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-02T15:39:20.519524Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-02T15:54:30.373Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-10-23T13:12:27.248Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.vicarius.io/vsociety/posts/cve-2025-59150-suricata-detection-script"
},
{
"url": "https://www.vicarius.io/vsociety/posts/cve-2025-59150-suricata-mitigation-script"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"product": "suricata",
"vendor": "OISF",
"versions": [
{
"status": "affected",
"version": "\u003e= 8.0.0, \u003c 8.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Version 8.0.0\u0027s usage of the tls.subjectaltname keyword can lead to a segmentation fault when the decoded subjectaltname contains a NULL byte. This issue is fixed in version 8.0.1. To workaround this issue, disable rules using the tls.subjectaltname keyword."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T20:24:28.157Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/OISF/suricata/security/advisories/GHSA-mhv7-qfmj-m3f3",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OISF/suricata/security/advisories/GHSA-mhv7-qfmj-m3f3"
},
{
"name": "https://github.com/OISF/suricata/commit/d590fdfe42e995fd558315f0c24f9a352e21479d",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OISF/suricata/commit/d590fdfe42e995fd558315f0c24f9a352e21479d"
},
{
"name": "https://forum.suricata.io/t/suricata-8-0-1-and-7-0-12-released/6018",
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.suricata.io/t/suricata-8-0-1-and-7-0-12-released/6018"
},
{
"name": "https://redmine.openinfosecfoundation.org/issues/7881",
"tags": [
"x_refsource_MISC"
],
"url": "https://redmine.openinfosecfoundation.org/issues/7881"
}
],
"source": {
"advisory": "GHSA-mhv7-qfmj-m3f3",
"discovery": "UNKNOWN"
},
"title": "Suricata: Keyword tls.subjectaltname can lead to NULL-ptr deref"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-59150",
"datePublished": "2025-10-01T20:23:54.207Z",
"dateReserved": "2025-09-09T15:23:16.326Z",
"dateUpdated": "2025-10-23T13:12:27.248Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-32664 (GCVE-0-2024-32664)
Vulnerability from cvelistv5
Published
2024-05-07 14:57
Modified
2024-08-02 02:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, specially crafted traffic or datasets can cause a limited buffer overflow. This vulnerability is fixed in 7.0.5 and 6.0.19. Workarounds include not use rules with `base64_decode` keyword with `bytes` option with value 1, 2 or 5 and for 7.0.x, setting `app-layer.protocols.smtp.mime.body-md5` to false.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:oisf:suricata:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "suricata",
"vendor": "oisf",
"versions": [
{
"lessThanOrEqual": "6.0.18",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:oisf:suricata:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "suricata",
"vendor": "oisf",
"versions": [
{
"lessThanOrEqual": "7.0.4",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-32664",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-07T18:13:57.659920Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:51:44.327Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:13:40.336Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/OISF/suricata/security/advisories/GHSA-79vh-hpwq-3jh7",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/OISF/suricata/security/advisories/GHSA-79vh-hpwq-3jh7"
},
{
"name": "https://github.com/OISF/suricata/commit/311002baf288a225f62cf18a90c5fdd294447379",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OISF/suricata/commit/311002baf288a225f62cf18a90c5fdd294447379"
},
{
"name": "https://github.com/OISF/suricata/commit/d5ffecf11ad2c6fe89265e518f5d7443caf26ba4",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OISF/suricata/commit/d5ffecf11ad2c6fe89265e518f5d7443caf26ba4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "suricata",
"vendor": "OISF",
"versions": [
{
"status": "affected",
"version": "\u003e= 6.0.0, \u003c= 6.0.18"
},
{
"status": "affected",
"version": "\u003e= 7.0.0, \u003c= 7.0.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, specially crafted traffic or datasets can cause a limited buffer overflow. This vulnerability is fixed in 7.0.5 and 6.0.19. Workarounds include not use rules with `base64_decode` keyword with `bytes` option with value 1, 2 or 5 and for 7.0.x, setting `app-layer.protocols.smtp.mime.body-md5` to false."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-07T14:57:01.967Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/OISF/suricata/security/advisories/GHSA-79vh-hpwq-3jh7",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OISF/suricata/security/advisories/GHSA-79vh-hpwq-3jh7"
},
{
"name": "https://github.com/OISF/suricata/commit/311002baf288a225f62cf18a90c5fdd294447379",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OISF/suricata/commit/311002baf288a225f62cf18a90c5fdd294447379"
},
{
"name": "https://github.com/OISF/suricata/commit/d5ffecf11ad2c6fe89265e518f5d7443caf26ba4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OISF/suricata/commit/d5ffecf11ad2c6fe89265e518f5d7443caf26ba4"
}
],
"source": {
"advisory": "GHSA-79vh-hpwq-3jh7",
"discovery": "UNKNOWN"
},
"title": "Suricata\u0027s base64 contains an out of bounds write"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-32664",
"datePublished": "2024-05-07T14:57:01.967Z",
"dateReserved": "2024-04-16T14:15:26.878Z",
"dateUpdated": "2024-08-02T02:13:40.336Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-59148 (GCVE-0-2025-59148)
Vulnerability from cvelistv5
Published
2025-10-01 19:51
Modified
2025-10-01 19:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-476 - NULL Pointer Dereference
Summary
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Versions 8.0.0 and below incorrectly handle the entropy keyword when not anchored to a "sticky" buffer, which can lead to a segmentation fault. This issue is fixed in version 8.0.1. To workaround this issue, users can disable rules using the entropy keyword, or validate they are anchored to a sticky buffer.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59148",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:58:02.145694Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:58:13.158Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "suricata",
"vendor": "OISF",
"versions": [
{
"status": "affected",
"version": "\u003c 8.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Versions 8.0.0 and below incorrectly handle the entropy keyword when not anchored to a \"sticky\" buffer, which can lead to a segmentation fault. This issue is fixed in version 8.0.1. To workaround this issue, users can disable rules using the entropy keyword, or validate they are anchored to a sticky buffer."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:51:27.388Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/OISF/suricata/security/advisories/GHSA-5qf6-92xg-3rr3",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OISF/suricata/security/advisories/GHSA-5qf6-92xg-3rr3"
},
{
"name": "https://github.com/OISF/suricata/commit/9f32550e18f97ea5d610dd7c36aab0ba142c096c",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OISF/suricata/commit/9f32550e18f97ea5d610dd7c36aab0ba142c096c"
},
{
"name": "https://forum.suricata.io/t/suricata-8-0-1-and-7-0-12-released/6018",
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.suricata.io/t/suricata-8-0-1-and-7-0-12-released/6018"
},
{
"name": "https://redmine.openinfosecfoundation.org/issues/7838",
"tags": [
"x_refsource_MISC"
],
"url": "https://redmine.openinfosecfoundation.org/issues/7838"
}
],
"source": {
"advisory": "GHSA-5qf6-92xg-3rr3",
"discovery": "UNKNOWN"
},
"title": "Suricata\u0027s improper use of entropy keyword can lead to a NULL-ptr deref"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-59148",
"datePublished": "2025-10-01T19:51:27.388Z",
"dateReserved": "2025-09-09T15:23:16.326Z",
"dateUpdated": "2025-10-01T19:58:13.158Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-37151 (GCVE-0-2024-37151)
Vulnerability from cvelistv5
Published
2024-07-11 14:39
Modified
2025-11-03 19:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
Summary
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine.
Mishandling of multiple fragmented packets using the same IP ID value can lead to packet reassembly failure, which can lead to policy bypass. Upgrade to 7.0.6 or 6.0.20. When using af-packet, enable `defrag` to reduce the scope of the problem.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:oisf:suricata:6.0.0:-:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "suricata",
"vendor": "oisf",
"versions": [
{
"lessThan": "6.0.20",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:oisf:suricata:7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "suricata",
"vendor": "oisf",
"versions": [
{
"lessThan": "7.0.6",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-37151",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-11T15:59:30.704290Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-12T15:51:20.755Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:30:13.398Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/OISF/suricata/security/advisories/GHSA-qrp7-g66m-px24",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/OISF/suricata/security/advisories/GHSA-qrp7-g66m-px24"
},
{
"name": "https://github.com/OISF/suricata/commit/9d5c4273cb7e5ca65f195f7361f0d848c85180e0",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OISF/suricata/commit/9d5c4273cb7e5ca65f195f7361f0d848c85180e0"
},
{
"name": "https://github.com/OISF/suricata/commit/aab7f35c76721df19403a7c0c0025feae12f3b6b",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OISF/suricata/commit/aab7f35c76721df19403a7c0c0025feae12f3b6b"
},
{
"name": "https://redmine.openinfosecfoundation.org/issues/7041",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://redmine.openinfosecfoundation.org/issues/7041"
},
{
"name": "https://redmine.openinfosecfoundation.org/issues/7042",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://redmine.openinfosecfoundation.org/issues/7042"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00029.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "suricata",
"vendor": "OISF",
"versions": [
{
"status": "affected",
"version": "\u003e= 6.0.0, \u003c 6.0.20"
},
{
"status": "affected",
"version": "\u003e= 7.0.0,\u003c 7.0.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. \nMishandling of multiple fragmented packets using the same IP ID value can lead to packet reassembly failure, which can lead to policy bypass. Upgrade to 7.0.6 or 6.0.20. When using af-packet, enable `defrag` to reduce the scope of the problem."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T14:39:32.766Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/OISF/suricata/security/advisories/GHSA-qrp7-g66m-px24",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OISF/suricata/security/advisories/GHSA-qrp7-g66m-px24"
},
{
"name": "https://github.com/OISF/suricata/commit/9d5c4273cb7e5ca65f195f7361f0d848c85180e0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OISF/suricata/commit/9d5c4273cb7e5ca65f195f7361f0d848c85180e0"
},
{
"name": "https://github.com/OISF/suricata/commit/aab7f35c76721df19403a7c0c0025feae12f3b6b",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OISF/suricata/commit/aab7f35c76721df19403a7c0c0025feae12f3b6b"
},
{
"name": "https://redmine.openinfosecfoundation.org/issues/7041",
"tags": [
"x_refsource_MISC"
],
"url": "https://redmine.openinfosecfoundation.org/issues/7041"
},
{
"name": "https://redmine.openinfosecfoundation.org/issues/7042",
"tags": [
"x_refsource_MISC"
],
"url": "https://redmine.openinfosecfoundation.org/issues/7042"
}
],
"source": {
"advisory": "GHSA-qrp7-g66m-px24",
"discovery": "UNKNOWN"
},
"title": "Suricata defrag: IP ID reuse can lead to policy bypass"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-37151",
"datePublished": "2024-07-11T14:39:32.766Z",
"dateReserved": "2024-06-03T17:29:38.328Z",
"dateUpdated": "2025-11-03T19:30:13.398Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-53538 (GCVE-0-2025-53538)
Vulnerability from cvelistv5
Published
2025-07-22 21:36
Modified
2025-07-23 18:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions 7.0.10 and below and 8.0.0-beta1 through 8.0.0-rc1, mishandling of data on HTTP2 stream 0 can lead to uncontrolled memory usage, leading to loss of visibility. Workarounds include disabling the HTTP/2 parser, and using a signature like drop http2 any any -> any any (frame:http2.hdr; byte_test:1,=,0,3; byte_test:4,=,0,5; sid: 1;) where the first byte test tests the HTTP2 frame type DATA and the second tests the stream id 0. This is fixed in versions 7.0.11 and 8.0.0.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53538",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-23T18:32:13.576494Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-23T18:32:21.856Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "suricata",
"vendor": "OISF",
"versions": [
{
"status": "affected",
"version": "\u003c 7.0.11"
},
{
"status": "affected",
"version": "\u003e= 8.0.0-beta1, \u003c 8.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions 7.0.10 and below and 8.0.0-beta1 through 8.0.0-rc1, mishandling of data on HTTP2 stream 0 can lead to uncontrolled memory usage, leading to loss of visibility. Workarounds include disabling the HTTP/2 parser, and using a signature like drop http2 any any -\u003e any any (frame:http2.hdr; byte_test:1,=,0,3; byte_test:4,=,0,5; sid: 1;) where the first byte test tests the HTTP2 frame type DATA and the second tests the stream id 0. This is fixed in versions 7.0.11 and 8.0.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770: Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-22T21:36:03.976Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/OISF/suricata/security/advisories/GHSA-qrr7-crgj-cmh3",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OISF/suricata/security/advisories/GHSA-qrr7-crgj-cmh3"
},
{
"name": "https://github.com/OISF/suricata/commit/1d6d331752e933c46aca0ae7a9679b27462246e3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OISF/suricata/commit/1d6d331752e933c46aca0ae7a9679b27462246e3"
},
{
"name": "https://github.com/OISF/suricata/commit/7fa88ea9e7d05e07a7864050cfd836b576669720",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OISF/suricata/commit/7fa88ea9e7d05e07a7864050cfd836b576669720"
}
],
"source": {
"advisory": "GHSA-qrr7-crgj-cmh3",
"discovery": "UNKNOWN"
},
"title": "Suricata\u0027s mishandling of data on HTTP2 stream 0 can lead to resource starvation"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-53538",
"datePublished": "2025-07-22T21:36:03.976Z",
"dateReserved": "2025-07-02T15:15:11.515Z",
"dateUpdated": "2025-07-23T18:32:21.856Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-59149 (GCVE-0-2025-59149)
Vulnerability from cvelistv5
Published
2025-10-01 20:07
Modified
2025-10-01 20:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-121 - Stack-based Buffer Overflow
Summary
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In version 8.0.0, rules using keyword ldap.responses.attribute_type (which is long) with transforms can lead to a stack buffer overflow during Suricata startup or during a rule reload. This issue is fixed in version 8.0.1. To workaround this issue, users can disable rules with ldap.responses.attribute_type and transforms.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59149",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T20:17:30.332253Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T20:17:41.659Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "suricata",
"vendor": "OISF",
"versions": [
{
"status": "affected",
"version": "\u003e= 8.0.0, \u003c 8.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In version 8.0.0, rules using keyword ldap.responses.attribute_type (which is long) with transforms can lead to a stack buffer overflow during Suricata startup or during a rule reload. This issue is fixed in version 8.0.1. To workaround this issue, users can disable rules with ldap.responses.attribute_type and transforms."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T20:07:44.042Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/OISF/suricata/security/advisories/GHSA-vxcg-38x4-gj7j",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OISF/suricata/security/advisories/GHSA-vxcg-38x4-gj7j"
},
{
"name": "https://github.com/OISF/suricata/commit/38a2cba5c397002047d84645f5ab770ff88020e1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OISF/suricata/commit/38a2cba5c397002047d84645f5ab770ff88020e1"
},
{
"name": "https://forum.suricata.io/t/suricata-8-0-1-and-7-0-12-released/6018",
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.suricata.io/t/suricata-8-0-1-and-7-0-12-released/6018"
},
{
"name": "https://redmine.openinfosecfoundation.org/issues/7861",
"tags": [
"x_refsource_MISC"
],
"url": "https://redmine.openinfosecfoundation.org/issues/7861"
}
],
"source": {
"advisory": "GHSA-vxcg-38x4-gj7j",
"discovery": "UNKNOWN"
},
"title": "Suricata: Stack buffer overflow in rule parser when processing long keywords with transforms"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-59149",
"datePublished": "2025-10-01T20:07:44.042Z",
"dateReserved": "2025-09-09T15:23:16.326Z",
"dateUpdated": "2025-10-01T20:17:41.659Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-29915 (GCVE-0-2025-29915)
Vulnerability from cvelistv5
Published
2025-04-10 19:51
Modified
2025-04-10 20:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-347 - Improper Verification of Cryptographic Signature
Summary
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. The AF_PACKET defrag option is enabled by default and allows AF_PACKET to re-assemble fragmented packets before reaching Suricata. However the default packet size in Suricata is based on the network interface MTU which leads to Suricata seeing truncated packets. Upgrade to Suricata 7.0.9, which uses better defaults and adds warnings for user configurations that may lead to issues.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-29915",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-10T20:03:29.824825Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-10T20:05:50.746Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "suricata",
"vendor": "OISF",
"versions": [
{
"status": "affected",
"version": "\u003c 7.0.9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. The AF_PACKET defrag option is enabled by default and allows AF_PACKET to re-assemble fragmented packets before reaching Suricata. However the default packet size in Suricata is based on the network interface MTU which leads to Suricata seeing truncated packets. Upgrade to Suricata 7.0.9, which uses better defaults and adds warnings for user configurations that may lead to issues."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347: Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-10T19:51:48.289Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/OISF/suricata/security/advisories/GHSA-7m5c-cqx4-x8mp",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OISF/suricata/security/advisories/GHSA-7m5c-cqx4-x8mp"
},
{
"name": "https://github.com/OISF/suricata/commit/d78f2c9a4e2b59f44daeddff098915084493d08d",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OISF/suricata/commit/d78f2c9a4e2b59f44daeddff098915084493d08d"
},
{
"name": "https://redmine.openinfosecfoundation.org/issues/5373",
"tags": [
"x_refsource_MISC"
],
"url": "https://redmine.openinfosecfoundation.org/issues/5373"
}
],
"source": {
"advisory": "GHSA-7m5c-cqx4-x8mp",
"discovery": "UNKNOWN"
},
"title": "Suricata af-packet: defrag option can lead to truncated packets affecting visibility"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-29915",
"datePublished": "2025-04-10T19:51:48.289Z",
"dateReserved": "2025-03-12T13:42:22.135Z",
"dateUpdated": "2025-04-10T20:05:50.746Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45795 (GCVE-0-2024-45795)
Vulnerability from cvelistv5
Published
2024-10-16 18:34
Modified
2024-10-17 17:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-617 - Reachable Assertion
Summary
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, rules using datasets with the non-functional / unimplemented "unset" option can trigger an assertion during traffic parsing, leading to denial of service. This issue is addressed in 7.0.7. As a workaround, use only trusted and well tested rulesets.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "suricata",
"vendor": "oisf",
"versions": [
{
"lessThan": "7.0.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45795",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-17T17:14:16.727673Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-17T17:14:45.599Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "suricata",
"vendor": "OISF",
"versions": [
{
"status": "affected",
"version": "\u003c 7.0.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, rules using datasets with the non-functional / unimplemented \"unset\" option can trigger an assertion during traffic parsing, leading to denial of service. This issue is addressed in 7.0.7. As a workaround, use only trusted and well tested rulesets."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-617",
"description": "CWE-617: Reachable Assertion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-16T18:34:53.179Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/OISF/suricata/security/advisories/GHSA-6r8w-fpw6-cp9g",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OISF/suricata/security/advisories/GHSA-6r8w-fpw6-cp9g"
},
{
"name": "https://redmine.openinfosecfoundation.org/issues/7195",
"tags": [
"x_refsource_MISC"
],
"url": "https://redmine.openinfosecfoundation.org/issues/7195"
}
],
"source": {
"advisory": "GHSA-6r8w-fpw6-cp9g",
"discovery": "UNKNOWN"
},
"title": "Suricata detect/datasets: reachable assertion with unimplemented rule option"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-45795",
"datePublished": "2024-10-16T18:34:53.179Z",
"dateReserved": "2024-09-09T14:23:07.502Z",
"dateUpdated": "2024-10-17T17:14:45.599Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-55626 (GCVE-0-2024-55626)
Vulnerability from cvelistv5
Published
2025-01-06 17:47
Modified
2025-11-03 19:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-680 - Integer Overflow to Buffer Overflow
Summary
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, a large BPF filter file provided to Suricata at startup can lead to a buffer overflow at Suricata startup. The issue has been addressed in Suricata 7.0.8.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-55626",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-06T19:15:39.252344Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-06T19:15:49.387Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:32:13.234Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00029.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "suricata",
"vendor": "OISF",
"versions": [
{
"status": "affected",
"version": "\u003c 7.0.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, a large BPF filter file provided to Suricata at startup can lead to a buffer overflow at Suricata startup. The issue has been addressed in Suricata 7.0.8."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-680",
"description": "CWE-680: Integer Overflow to Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-06T17:47:07.213Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/OISF/suricata/security/advisories/GHSA-wmg4-jqx5-4h9v",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OISF/suricata/security/advisories/GHSA-wmg4-jqx5-4h9v"
},
{
"name": "https://github.com/OISF/suricata/commit/dd71ef0af222a566e54dfc479dd1951dd17d7ceb",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OISF/suricata/commit/dd71ef0af222a566e54dfc479dd1951dd17d7ceb"
},
{
"name": "https://redmine.openinfosecfoundation.org/issues/7366",
"tags": [
"x_refsource_MISC"
],
"url": "https://redmine.openinfosecfoundation.org/issues/7366"
}
],
"source": {
"advisory": "GHSA-wmg4-jqx5-4h9v",
"discovery": "UNKNOWN"
},
"title": "Suricata oversized bpf file can lead to buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-55626",
"datePublished": "2025-01-06T17:47:07.213Z",
"dateReserved": "2024-12-09T17:48:05.556Z",
"dateUpdated": "2025-11-03T19:32:13.234Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-23835 (GCVE-0-2024-23835)
Vulnerability from cvelistv5
Published
2024-02-26 15:35
Modified
2025-02-13 17:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.3, excessive memory use during pgsql parsing could lead to OOM-related crashes. This vulnerability is patched in 7.0.3. As workaround, users can disable the pgsql app layer parser.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:13:08.498Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/OISF/suricata/security/advisories/GHSA-8583-353f-mvwc",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/OISF/suricata/security/advisories/GHSA-8583-353f-mvwc"
},
{
"name": "https://github.com/OISF/suricata/commit/86de7cffa7e8f06fe9d600127e7dabe89c7e81dd",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OISF/suricata/commit/86de7cffa7e8f06fe9d600127e7dabe89c7e81dd"
},
{
"name": "https://github.com/OISF/suricata/commit/f52c033e566beafb4480c139eb18662a2870464f",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OISF/suricata/commit/f52c033e566beafb4480c139eb18662a2870464f"
},
{
"name": "https://redmine.openinfosecfoundation.org/issues/6411",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://redmine.openinfosecfoundation.org/issues/6411"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GOCOBFUTIFHOP2PZOH4ENRFXRBHIRKK4/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXJIT7R53ZXROO3I256RFUWTIW4ECK6P/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "suricata",
"vendor": "oisf",
"versions": [
{
"lessThanOrEqual": "7.0.2",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-23835",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-07T18:27:59.524895Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-28T16:25:05.631Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "suricata",
"vendor": "OISF",
"versions": [
{
"status": "affected",
"version": "\u003e= 7.0.0, \u003c= 7.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.3, excessive memory use during pgsql parsing could lead to OOM-related crashes. This vulnerability is patched in 7.0.3. As workaround, users can disable the pgsql app layer parser."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770: Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-07T02:10:58.474Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/OISF/suricata/security/advisories/GHSA-8583-353f-mvwc",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OISF/suricata/security/advisories/GHSA-8583-353f-mvwc"
},
{
"name": "https://github.com/OISF/suricata/commit/86de7cffa7e8f06fe9d600127e7dabe89c7e81dd",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OISF/suricata/commit/86de7cffa7e8f06fe9d600127e7dabe89c7e81dd"
},
{
"name": "https://github.com/OISF/suricata/commit/f52c033e566beafb4480c139eb18662a2870464f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OISF/suricata/commit/f52c033e566beafb4480c139eb18662a2870464f"
},
{
"name": "https://redmine.openinfosecfoundation.org/issues/6411",
"tags": [
"x_refsource_MISC"
],
"url": "https://redmine.openinfosecfoundation.org/issues/6411"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GOCOBFUTIFHOP2PZOH4ENRFXRBHIRKK4/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXJIT7R53ZXROO3I256RFUWTIW4ECK6P/"
}
],
"source": {
"advisory": "GHSA-8583-353f-mvwc",
"discovery": "UNKNOWN"
},
"title": "Suricata\u0027s pgsql: memory exhaustion use on record parsing"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-23835",
"datePublished": "2024-02-26T15:35:07.302Z",
"dateReserved": "2024-01-22T22:23:54.340Z",
"dateUpdated": "2025-02-13T17:39:54.584Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-23836 (GCVE-0-2024-23836)
Vulnerability from cvelistv5
Published
2024-02-26 15:44
Modified
2025-02-13 17:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Summary
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to versions 6.0.16 and 7.0.3, an attacker can craft traffic to cause Suricata to use far more CPU and memory for processing the traffic than needed, which can lead to extreme slow downs and denial of service. This vulnerability is patched in 6.0.16 or 7.0.3. Workarounds include disabling the affected protocol app-layer parser in the yaml and reducing the `stream.reassembly.depth` value helps reduce the severity of the issue.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-23836",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-07T14:33:18.701351Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:45:51.780Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:13:08.115Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/OISF/suricata/security/advisories/GHSA-q33q-45cr-3cpc",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/OISF/suricata/security/advisories/GHSA-q33q-45cr-3cpc"
},
{
"name": "https://github.com/OISF/suricata/commit/18841a58da71e735ddf4e52cbfa6989755ecbeb7",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OISF/suricata/commit/18841a58da71e735ddf4e52cbfa6989755ecbeb7"
},
{
"name": "https://github.com/OISF/suricata/commit/2a2120ecf10c5b5713ec2bf59469fe57f7b5b747",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OISF/suricata/commit/2a2120ecf10c5b5713ec2bf59469fe57f7b5b747"
},
{
"name": "https://github.com/OISF/suricata/commit/83c5567ea7b0b28376f57dcfee9c6301448c7bc7",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OISF/suricata/commit/83c5567ea7b0b28376f57dcfee9c6301448c7bc7"
},
{
"name": "https://github.com/OISF/suricata/commit/8efaebe293e2a74c8e323fa85a6f5fadf82801bc",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OISF/suricata/commit/8efaebe293e2a74c8e323fa85a6f5fadf82801bc"
},
{
"name": "https://github.com/OISF/suricata/commit/97953998d2d60673ed6c30ddfb6a2d59b4230f97",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OISF/suricata/commit/97953998d2d60673ed6c30ddfb6a2d59b4230f97"
},
{
"name": "https://github.com/OISF/suricata/commit/b1549e930f6426eeff43f12b672337cbcda566b8",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OISF/suricata/commit/b1549e930f6426eeff43f12b672337cbcda566b8"
},
{
"name": "https://github.com/OISF/suricata/commit/cd035d59e3df157b606f4fe67324ea8e437be786",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OISF/suricata/commit/cd035d59e3df157b606f4fe67324ea8e437be786"
},
{
"name": "https://github.com/OISF/suricata/commit/ce9b90326949c94a46611d6394e28600ee5e8bd5",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OISF/suricata/commit/ce9b90326949c94a46611d6394e28600ee5e8bd5"
},
{
"name": "https://github.com/OISF/suricata/commit/e7e28822f473320658d6125f16ac3f0524baff01",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OISF/suricata/commit/e7e28822f473320658d6125f16ac3f0524baff01"
},
{
"name": "https://github.com/OISF/suricata/commit/f9de1cca6182e571f1c02387dca6e695e55608af",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OISF/suricata/commit/f9de1cca6182e571f1c02387dca6e695e55608af"
},
{
"name": "https://redmine.openinfosecfoundation.org/issues/6531",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://redmine.openinfosecfoundation.org/issues/6531"
},
{
"name": "https://redmine.openinfosecfoundation.org/issues/6532",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://redmine.openinfosecfoundation.org/issues/6532"
},
{
"name": "https://redmine.openinfosecfoundation.org/issues/6540",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://redmine.openinfosecfoundation.org/issues/6540"
},
{
"name": "https://redmine.openinfosecfoundation.org/issues/6658",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://redmine.openinfosecfoundation.org/issues/6658"
},
{
"name": "https://redmine.openinfosecfoundation.org/issues/6659",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://redmine.openinfosecfoundation.org/issues/6659"
},
{
"name": "https://redmine.openinfosecfoundation.org/issues/6660",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://redmine.openinfosecfoundation.org/issues/6660"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GOCOBFUTIFHOP2PZOH4ENRFXRBHIRKK4/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXJIT7R53ZXROO3I256RFUWTIW4ECK6P/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "suricata",
"vendor": "OISF",
"versions": [
{
"status": "affected",
"version": "\u003c 6.0.16"
},
{
"status": "affected",
"version": "\u003e= 7.0.0, \u003c 7.0.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to versions 6.0.16 and 7.0.3, an attacker can craft traffic to cause Suricata to use far more CPU and memory for processing the traffic than needed, which can lead to extreme slow downs and denial of service. This vulnerability is patched in 6.0.16 or 7.0.3. Workarounds include disabling the affected protocol app-layer parser in the yaml and reducing the `stream.reassembly.depth` value helps reduce the severity of the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770: Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-07T02:13:53.157Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/OISF/suricata/security/advisories/GHSA-q33q-45cr-3cpc",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OISF/suricata/security/advisories/GHSA-q33q-45cr-3cpc"
},
{
"name": "https://github.com/OISF/suricata/commit/18841a58da71e735ddf4e52cbfa6989755ecbeb7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OISF/suricata/commit/18841a58da71e735ddf4e52cbfa6989755ecbeb7"
},
{
"name": "https://github.com/OISF/suricata/commit/2a2120ecf10c5b5713ec2bf59469fe57f7b5b747",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OISF/suricata/commit/2a2120ecf10c5b5713ec2bf59469fe57f7b5b747"
},
{
"name": "https://github.com/OISF/suricata/commit/83c5567ea7b0b28376f57dcfee9c6301448c7bc7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OISF/suricata/commit/83c5567ea7b0b28376f57dcfee9c6301448c7bc7"
},
{
"name": "https://github.com/OISF/suricata/commit/8efaebe293e2a74c8e323fa85a6f5fadf82801bc",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OISF/suricata/commit/8efaebe293e2a74c8e323fa85a6f5fadf82801bc"
},
{
"name": "https://github.com/OISF/suricata/commit/97953998d2d60673ed6c30ddfb6a2d59b4230f97",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OISF/suricata/commit/97953998d2d60673ed6c30ddfb6a2d59b4230f97"
},
{
"name": "https://github.com/OISF/suricata/commit/b1549e930f6426eeff43f12b672337cbcda566b8",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OISF/suricata/commit/b1549e930f6426eeff43f12b672337cbcda566b8"
},
{
"name": "https://github.com/OISF/suricata/commit/cd035d59e3df157b606f4fe67324ea8e437be786",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OISF/suricata/commit/cd035d59e3df157b606f4fe67324ea8e437be786"
},
{
"name": "https://github.com/OISF/suricata/commit/ce9b90326949c94a46611d6394e28600ee5e8bd5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OISF/suricata/commit/ce9b90326949c94a46611d6394e28600ee5e8bd5"
},
{
"name": "https://github.com/OISF/suricata/commit/e7e28822f473320658d6125f16ac3f0524baff01",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OISF/suricata/commit/e7e28822f473320658d6125f16ac3f0524baff01"
},
{
"name": "https://github.com/OISF/suricata/commit/f9de1cca6182e571f1c02387dca6e695e55608af",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OISF/suricata/commit/f9de1cca6182e571f1c02387dca6e695e55608af"
},
{
"name": "https://redmine.openinfosecfoundation.org/issues/6531",
"tags": [
"x_refsource_MISC"
],
"url": "https://redmine.openinfosecfoundation.org/issues/6531"
},
{
"name": "https://redmine.openinfosecfoundation.org/issues/6532",
"tags": [
"x_refsource_MISC"
],
"url": "https://redmine.openinfosecfoundation.org/issues/6532"
},
{
"name": "https://redmine.openinfosecfoundation.org/issues/6540",
"tags": [
"x_refsource_MISC"
],
"url": "https://redmine.openinfosecfoundation.org/issues/6540"
},
{
"name": "https://redmine.openinfosecfoundation.org/issues/6658",
"tags": [
"x_refsource_MISC"
],
"url": "https://redmine.openinfosecfoundation.org/issues/6658"
},
{
"name": "https://redmine.openinfosecfoundation.org/issues/6659",
"tags": [
"x_refsource_MISC"
],
"url": "https://redmine.openinfosecfoundation.org/issues/6659"
},
{
"name": "https://redmine.openinfosecfoundation.org/issues/6660",
"tags": [
"x_refsource_MISC"
],
"url": "https://redmine.openinfosecfoundation.org/issues/6660"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GOCOBFUTIFHOP2PZOH4ENRFXRBHIRKK4/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXJIT7R53ZXROO3I256RFUWTIW4ECK6P/"
}
],
"source": {
"advisory": "GHSA-q33q-45cr-3cpc",
"discovery": "UNKNOWN"
},
"title": "crafted traffic can cause denial of service"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-23836",
"datePublished": "2024-02-26T15:44:03.308Z",
"dateReserved": "2024-01-22T22:23:54.340Z",
"dateUpdated": "2025-02-13T17:39:55.194Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-29918 (GCVE-0-2025-29918)
Vulnerability from cvelistv5
Published
2025-04-10 21:02
Modified
2025-11-03 19:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Summary
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. A PCRE rule can be written that leads to an infinite loop when negated PCRE is used. Packet processing thread becomes stuck in infinite loop limiting visibility and availability in inline mode. This vulnerability is fixed in 7.0.9.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-29918",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-11T15:56:04.780002Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-11T16:03:41.477Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:46:43.978Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00029.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "suricata",
"vendor": "OISF",
"versions": [
{
"status": "affected",
"version": "\u003c 7.0.9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. A PCRE rule can be written that leads to an infinite loop when negated PCRE is used. Packet processing thread becomes stuck in infinite loop limiting visibility and availability in inline mode. This vulnerability is fixed in 7.0.9."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-10T21:02:32.646Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/OISF/suricata/security/advisories/GHSA-924c-vvm5-9mqx",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OISF/suricata/security/advisories/GHSA-924c-vvm5-9mqx"
},
{
"name": "https://github.com/OISF/suricata/commit/b14c67cbdf25fa6c7ffe0d04ddf3ebe67b12b50b",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OISF/suricata/commit/b14c67cbdf25fa6c7ffe0d04ddf3ebe67b12b50b"
},
{
"name": "https://redmine.openinfosecfoundation.org/issues/7526",
"tags": [
"x_refsource_MISC"
],
"url": "https://redmine.openinfosecfoundation.org/issues/7526"
}
],
"source": {
"advisory": "GHSA-924c-vvm5-9mqx",
"discovery": "UNKNOWN"
},
"title": "Suricata pcre: negated pcr can cause infinite loop"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-29918",
"datePublished": "2025-04-10T21:02:32.646Z",
"dateReserved": "2025-03-12T13:42:22.135Z",
"dateUpdated": "2025-11-03T19:46:43.978Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-38536 (GCVE-0-2024-38536)
Vulnerability from cvelistv5
Published
2024-07-11 14:54
Modified
2024-08-02 04:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-476 - NULL Pointer Dereference
Summary
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. A memory allocation failure due to `http.memcap` being reached leads to a NULL-ptr reference leading to a crash. Upgrade to 7.0.6.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:oisf:suricata:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "suricata",
"vendor": "oisf",
"versions": [
{
"lessThan": "7.0.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38536",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-11T18:00:51.819723Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T18:02:36.954Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:25.271Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/OISF/suricata/security/advisories/GHSA-j32j-4w6g-94hh",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/OISF/suricata/security/advisories/GHSA-j32j-4w6g-94hh"
},
{
"name": "https://redmine.openinfosecfoundation.org/issues/7029",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://redmine.openinfosecfoundation.org/issues/7029"
},
{
"name": "https://redmine.openinfosecfoundation.org/issues/7033",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://redmine.openinfosecfoundation.org/issues/7033"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "suricata",
"vendor": "OISF",
"versions": [
{
"status": "affected",
"version": "\u003c 7.0.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. A memory allocation failure due to `http.memcap` being reached leads to a NULL-ptr reference leading to a crash. Upgrade to 7.0.6."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T14:54:32.547Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/OISF/suricata/security/advisories/GHSA-j32j-4w6g-94hh",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OISF/suricata/security/advisories/GHSA-j32j-4w6g-94hh"
},
{
"name": "https://redmine.openinfosecfoundation.org/issues/7029",
"tags": [
"x_refsource_MISC"
],
"url": "https://redmine.openinfosecfoundation.org/issues/7029"
},
{
"name": "https://redmine.openinfosecfoundation.org/issues/7033",
"tags": [
"x_refsource_MISC"
],
"url": "https://redmine.openinfosecfoundation.org/issues/7033"
}
],
"source": {
"advisory": "GHSA-j32j-4w6g-94hh",
"discovery": "UNKNOWN"
},
"title": "Suricata http/range: NULL-ptr deref when http.memcap is reached"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-38536",
"datePublished": "2024-07-11T14:54:32.547Z",
"dateReserved": "2024-06-18T16:37:02.729Z",
"dateUpdated": "2024-08-02T04:12:25.271Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-32663 (GCVE-0-2024-32663)
Vulnerability from cvelistv5
Published
2024-05-07 14:48
Modified
2025-11-03 19:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, a small amount of HTTP/2 traffic can lead to Suricata using a large amount of memory. The issue has been addressed in Suricata 7.0.5 and 6.0.19. Workarounds include disabling the HTTP/2 parser and reducing `app-layer.protocols.http2.max-table-size` value (default is 65536).
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-32663",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-07T17:39:47.421590Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:51:29.291Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:29:48.378Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/OISF/suricata/security/advisories/GHSA-9jxm-qw9v-266r",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/OISF/suricata/security/advisories/GHSA-9jxm-qw9v-266r"
},
{
"name": "https://github.com/OISF/suricata/commit/08d93f7c3762781b743f88f9fdc4389eb9c3eb64",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OISF/suricata/commit/08d93f7c3762781b743f88f9fdc4389eb9c3eb64"
},
{
"name": "https://github.com/OISF/suricata/commit/c0af92295e833d1db29b184d63cd3b829451d7fd",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OISF/suricata/commit/c0af92295e833d1db29b184d63cd3b829451d7fd"
},
{
"name": "https://github.com/OISF/suricata/commit/d24b37a103c04bb2667e449e080ba4c8e56bb019",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OISF/suricata/commit/d24b37a103c04bb2667e449e080ba4c8e56bb019"
},
{
"name": "https://github.com/OISF/suricata/commit/e68ec4b227d19498f364a41eb25d3182f0383ca5",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OISF/suricata/commit/e68ec4b227d19498f364a41eb25d3182f0383ca5"
},
{
"name": "https://redmine.openinfosecfoundation.org/issues/6892",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://redmine.openinfosecfoundation.org/issues/6892"
},
{
"name": "https://redmine.openinfosecfoundation.org/issues/6900",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://redmine.openinfosecfoundation.org/issues/6900"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00029.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "suricata",
"vendor": "OISF",
"versions": [
{
"status": "affected",
"version": "\u003e= 7.0.0, \u003c= 7.0.4"
},
{
"status": "affected",
"version": "\u003e= 6.0.0, \u003c= 6.0.18"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, a small amount of HTTP/2 traffic can lead to Suricata using a large amount of memory. The issue has been addressed in Suricata 7.0.5 and 6.0.19. Workarounds include disabling the HTTP/2 parser and reducing `app-layer.protocols.http2.max-table-size` value (default is 65536)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770: Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-07T14:48:20.366Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/OISF/suricata/security/advisories/GHSA-9jxm-qw9v-266r",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OISF/suricata/security/advisories/GHSA-9jxm-qw9v-266r"
},
{
"name": "https://github.com/OISF/suricata/commit/08d93f7c3762781b743f88f9fdc4389eb9c3eb64",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OISF/suricata/commit/08d93f7c3762781b743f88f9fdc4389eb9c3eb64"
},
{
"name": "https://github.com/OISF/suricata/commit/c0af92295e833d1db29b184d63cd3b829451d7fd",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OISF/suricata/commit/c0af92295e833d1db29b184d63cd3b829451d7fd"
},
{
"name": "https://github.com/OISF/suricata/commit/d24b37a103c04bb2667e449e080ba4c8e56bb019",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OISF/suricata/commit/d24b37a103c04bb2667e449e080ba4c8e56bb019"
},
{
"name": "https://github.com/OISF/suricata/commit/e68ec4b227d19498f364a41eb25d3182f0383ca5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OISF/suricata/commit/e68ec4b227d19498f364a41eb25d3182f0383ca5"
},
{
"name": "https://redmine.openinfosecfoundation.org/issues/6892",
"tags": [
"x_refsource_MISC"
],
"url": "https://redmine.openinfosecfoundation.org/issues/6892"
},
{
"name": "https://redmine.openinfosecfoundation.org/issues/6900",
"tags": [
"x_refsource_MISC"
],
"url": "https://redmine.openinfosecfoundation.org/issues/6900"
}
],
"source": {
"advisory": "GHSA-9jxm-qw9v-266r",
"discovery": "UNKNOWN"
},
"title": "Suricata \u0027s http2 parser contains an improper compressed header handling can lead to resource starvation"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-32663",
"datePublished": "2024-05-07T14:48:20.366Z",
"dateReserved": "2024-04-16T14:15:26.878Z",
"dateUpdated": "2025-11-03T19:29:48.378Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-45796 (GCVE-0-2024-45796)
Vulnerability from cvelistv5
Published
2024-10-16 18:41
Modified
2025-11-03 19:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-193 - Off-by-one Error
Summary
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, a logic error during fragment reassembly can lead to failed reassembly for valid traffic. An attacker could craft packets to trigger this behavior.This issue has been addressed in 7.0.7.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "suricata",
"vendor": "oisf",
"versions": [
{
"lessThan": "7.0.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45796",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-17T17:15:59.665953Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-17T17:16:06.095Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:30:58.408Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00029.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "suricata",
"vendor": "OISF",
"versions": [
{
"status": "affected",
"version": "\u003c 7.0.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, a logic error during fragment reassembly can lead to failed reassembly for valid traffic. An attacker could craft packets to trigger this behavior.This issue has been addressed in 7.0.7."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-193",
"description": "CWE-193: Off-by-one Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-16T18:41:43.559Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/OISF/suricata/security/advisories/GHSA-mf6r-3xp2-v7xg",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OISF/suricata/security/advisories/GHSA-mf6r-3xp2-v7xg"
},
{
"name": "https://redmine.openinfosecfoundation.org/issues/7067",
"tags": [
"x_refsource_MISC"
],
"url": "https://redmine.openinfosecfoundation.org/issues/7067"
}
],
"source": {
"advisory": "GHSA-mf6r-3xp2-v7xg",
"discovery": "UNKNOWN"
},
"title": "Suricata defrag: off by one can lead to policy bypass"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-45796",
"datePublished": "2024-10-16T18:41:43.559Z",
"dateReserved": "2024-09-09T14:23:07.502Z",
"dateUpdated": "2025-11-03T19:30:58.408Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-38534 (GCVE-0-2024-38534)
Vulnerability from cvelistv5
Published
2024-07-11 14:47
Modified
2024-08-02 04:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Summary
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Crafted modbus traffic can lead to unlimited resource accumulation within a flow. Upgrade to 7.0.6. Set a limited stream.reassembly.depth to reduce the issue.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "suricata",
"vendor": "oisf",
"versions": [
{
"lessThan": "7.0.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38534",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-11T15:10:00.733341Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T19:44:00.955Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:25.174Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/OISF/suricata/security/advisories/GHSA-59qg-h357-69fq",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/OISF/suricata/security/advisories/GHSA-59qg-h357-69fq"
},
{
"name": "https://github.com/OISF/suricata/commit/a753cdbe84caee3b66d0bf49b2712d29a50d67ae",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OISF/suricata/commit/a753cdbe84caee3b66d0bf49b2712d29a50d67ae"
},
{
"name": "https://redmine.openinfosecfoundation.org/issues/6987",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://redmine.openinfosecfoundation.org/issues/6987"
},
{
"name": "https://redmine.openinfosecfoundation.org/issues/6988",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://redmine.openinfosecfoundation.org/issues/6988"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "suricata",
"vendor": "OISF",
"versions": [
{
"status": "affected",
"version": "\u003c 7.0.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Crafted modbus traffic can lead to unlimited resource accumulation within a flow. Upgrade to 7.0.6. Set a limited stream.reassembly.depth to reduce the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770: Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T14:47:47.913Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/OISF/suricata/security/advisories/GHSA-59qg-h357-69fq",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OISF/suricata/security/advisories/GHSA-59qg-h357-69fq"
},
{
"name": "https://github.com/OISF/suricata/commit/a753cdbe84caee3b66d0bf49b2712d29a50d67ae",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OISF/suricata/commit/a753cdbe84caee3b66d0bf49b2712d29a50d67ae"
},
{
"name": "https://redmine.openinfosecfoundation.org/issues/6987",
"tags": [
"x_refsource_MISC"
],
"url": "https://redmine.openinfosecfoundation.org/issues/6987"
},
{
"name": "https://redmine.openinfosecfoundation.org/issues/6988",
"tags": [
"x_refsource_MISC"
],
"url": "https://redmine.openinfosecfoundation.org/issues/6988"
}
],
"source": {
"advisory": "GHSA-59qg-h357-69fq",
"discovery": "UNKNOWN"
},
"title": "Suricata modbus: txs without responses are never freed"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-38534",
"datePublished": "2024-07-11T14:47:47.913Z",
"dateReserved": "2024-06-18T16:37:02.729Z",
"dateUpdated": "2024-08-02T04:12:25.174Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-23839 (GCVE-0-2024-23839)
Vulnerability from cvelistv5
Published
2024-02-26 15:48
Modified
2025-02-13 17:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-416 - Use After Free
Summary
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.3, specially crafted traffic can cause a heap use after free if the ruleset uses the http.request_header or http.response_header keyword. The vulnerability has been patched in 7.0.3. To work around the vulnerability, avoid the http.request_header and http.response_header keywords.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:13:08.247Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/OISF/suricata/security/advisories/GHSA-qxj6-hr2p-mmc7",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/OISF/suricata/security/advisories/GHSA-qxj6-hr2p-mmc7"
},
{
"name": "https://github.com/OISF/suricata/commit/cd731fcaf42e5f7078c9be643bfa0cee2ad53e8f",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OISF/suricata/commit/cd731fcaf42e5f7078c9be643bfa0cee2ad53e8f"
},
{
"name": "https://redmine.openinfosecfoundation.org/issues/6657",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://redmine.openinfosecfoundation.org/issues/6657"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GOCOBFUTIFHOP2PZOH4ENRFXRBHIRKK4/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXJIT7R53ZXROO3I256RFUWTIW4ECK6P/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "suricata",
"vendor": "oisf",
"versions": [
{
"lessThan": "7.0.3",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-23839",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-07T14:59:23.872531Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-15T19:30:14.320Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "suricata",
"vendor": "OISF",
"versions": [
{
"status": "affected",
"version": "\u003e= 7.0.0, \u003c 7.0.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.3, specially crafted traffic can cause a heap use after free if the ruleset uses the http.request_header or http.response_header keyword. The vulnerability has been patched in 7.0.3. To work around the vulnerability, avoid the http.request_header and http.response_header keywords."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-07T02:14:08.189Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/OISF/suricata/security/advisories/GHSA-qxj6-hr2p-mmc7",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OISF/suricata/security/advisories/GHSA-qxj6-hr2p-mmc7"
},
{
"name": "https://github.com/OISF/suricata/commit/cd731fcaf42e5f7078c9be643bfa0cee2ad53e8f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OISF/suricata/commit/cd731fcaf42e5f7078c9be643bfa0cee2ad53e8f"
},
{
"name": "https://redmine.openinfosecfoundation.org/issues/6657",
"tags": [
"x_refsource_MISC"
],
"url": "https://redmine.openinfosecfoundation.org/issues/6657"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GOCOBFUTIFHOP2PZOH4ENRFXRBHIRKK4/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXJIT7R53ZXROO3I256RFUWTIW4ECK6P/"
}
],
"source": {
"advisory": "GHSA-qxj6-hr2p-mmc7",
"discovery": "UNKNOWN"
},
"title": "Suricata http: heap use after free with http.request_header and http.response_header keywords"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-23839",
"datePublished": "2024-02-26T15:48:16.120Z",
"dateReserved": "2024-01-22T22:23:54.342Z",
"dateUpdated": "2025-02-13T17:39:56.397Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47188 (GCVE-0-2024-47188)
Vulnerability from cvelistv5
Published
2024-10-16 18:58
Modified
2024-10-16 19:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-330 - Use of Insufficiently Random Values
Summary
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, missing initialization of the random seed for "thash" leads to byte-range tracking having predictable hash table behavior. This can lead to an attacker forcing lots of data into a single hash bucket, leading to severe performance degradation. This issue has been addressed in 7.0.7.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47188",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-16T19:38:43.339478Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-16T19:38:54.398Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "suricata",
"vendor": "OISF",
"versions": [
{
"status": "affected",
"version": "\u003c 7.0.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, missing initialization of the random seed for \"thash\" leads to byte-range tracking having predictable hash table behavior. This can lead to an attacker forcing lots of data into a single hash bucket, leading to severe performance degradation. This issue has been addressed in 7.0.7."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-330",
"description": "CWE-330: Use of Insufficiently Random Values",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-16T18:58:11.542Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/OISF/suricata/security/advisories/GHSA-qq5v-qcjx-f872",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OISF/suricata/security/advisories/GHSA-qq5v-qcjx-f872"
},
{
"name": "https://redmine.openinfosecfoundation.org/issues/7289",
"tags": [
"x_refsource_MISC"
],
"url": "https://redmine.openinfosecfoundation.org/issues/7289"
}
],
"source": {
"advisory": "GHSA-qq5v-qcjx-f872",
"discovery": "UNKNOWN"
},
"title": "Suricata http/byte-ranges: missing hashtable random seed leads to potential DoS"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-47188",
"datePublished": "2024-10-16T18:58:11.542Z",
"dateReserved": "2024-09-19T22:32:11.964Z",
"dateUpdated": "2024-10-16T19:38:54.398Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-28870 (GCVE-0-2024-28870)
Vulnerability from cvelistv5
Published
2024-04-03 21:13
Modified
2024-08-02 00:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Summary
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine developed by the OISF and the Suricata community. When parsing an overly long SSH banner, Suricata can use excessive CPU resources, as well as cause excessive logging volume in alert records. This issue has been patched in versions 6.0.17 and 7.0.4.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "suricata",
"vendor": "oisf",
"versions": [
{
"lessThanOrEqual": "6.0.16",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "7.0.3",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-28870",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-29T15:03:26.307651Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-29T15:04:51.940Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:56:58.358Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/OISF/suricata/security/advisories/GHSA-mhhx-xw7r-r5c8",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/OISF/suricata/security/advisories/GHSA-mhhx-xw7r-r5c8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "suricata",
"vendor": "OISF",
"versions": [
{
"status": "affected",
"version": "\u003c= 6.0.16"
},
{
"status": "affected",
"version": "\u003e= 7.0.0, \u003c= 7.0.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine developed by the OISF and the Suricata community. When parsing an overly long SSH banner, Suricata can use excessive CPU resources, as well as cause excessive logging volume in alert records. This issue has been patched in versions 6.0.17 and 7.0.4.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770: Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-03T21:13:48.470Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/OISF/suricata/security/advisories/GHSA-mhhx-xw7r-r5c8",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OISF/suricata/security/advisories/GHSA-mhhx-xw7r-r5c8"
}
],
"source": {
"advisory": "GHSA-mhhx-xw7r-r5c8",
"discovery": "UNKNOWN"
},
"title": "Suricata uses excessive resource use in malformed ssh traffic parsing"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-28870",
"datePublished": "2024-04-03T21:13:48.470Z",
"dateReserved": "2024-03-11T22:45:07.688Z",
"dateUpdated": "2024-08-02T00:56:58.358Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-55628 (GCVE-0-2024-55628)
Vulnerability from cvelistv5
Published
2025-01-06 18:02
Modified
2025-01-06 19:14
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.8, DNS resource name compression can lead to small DNS messages containing very large hostnames which can be costly to decode, and lead to very large DNS log records. While there are limits in place, they were too generous. The issue has been addressed in Suricata 7.0.8.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-55628",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-06T19:14:22.117040Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-06T19:14:33.486Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "suricata",
"vendor": "OISF",
"versions": [
{
"status": "affected",
"version": "\u003c 7.0.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.8, DNS resource name compression can lead to small DNS messages containing very large hostnames which can be costly to decode, and lead to very large DNS log records. While there are limits in place, they were too generous. The issue has been addressed in Suricata 7.0.8."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-405",
"description": "CWE-405: Asymmetric Resource Consumption (Amplification)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-779",
"description": "CWE-779: Logging of Excessive Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-06T18:02:10.692Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/OISF/suricata/security/advisories/GHSA-96w4-jqwf-qx2j",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OISF/suricata/security/advisories/GHSA-96w4-jqwf-qx2j"
},
{
"name": "https://github.com/OISF/suricata/commit/19cf0f81335d9f787d587450f7105ad95a648951",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OISF/suricata/commit/19cf0f81335d9f787d587450f7105ad95a648951"
},
{
"name": "https://github.com/OISF/suricata/commit/37f4c52b22fcdde4adf9b479cb5700f89d00768d",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OISF/suricata/commit/37f4c52b22fcdde4adf9b479cb5700f89d00768d"
},
{
"name": "https://github.com/OISF/suricata/commit/3a5671739f5b25e5dd973a74ca5fd8ea40e1ae2d",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OISF/suricata/commit/3a5671739f5b25e5dd973a74ca5fd8ea40e1ae2d"
},
{
"name": "https://redmine.openinfosecfoundation.org/issues/7280",
"tags": [
"x_refsource_MISC"
],
"url": "https://redmine.openinfosecfoundation.org/issues/7280"
}
],
"source": {
"advisory": "GHSA-96w4-jqwf-qx2j",
"discovery": "UNKNOWN"
},
"title": "Suricata oversized resource names utilizing DNS name compression can lead to resource starvation"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-55628",
"datePublished": "2025-01-06T18:02:10.692Z",
"dateReserved": "2024-12-09T17:48:05.557Z",
"dateUpdated": "2025-01-06T19:14:33.486Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-59147 (GCVE-0-2025-59147)
Vulnerability from cvelistv5
Published
2025-10-01 19:27
Modified
2025-10-01 19:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-358 - Improperly Implemented Security Check for Standard
Summary
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Versions 7.0.11 and below, as well as 8.0.0, are vulnerable to detection bypass when crafted traffic sends multiple SYN packets with different sequence numbers within the same flow tuple, which can cause Suricata to fail to pick up the TCP session. In IDS mode this can lead to a detection and logging bypass. In IPS mode this will lead to the flow getting blocked. This issue is fixed in versions 7.0.12 and 8.0.1.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59147",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:42:12.196265Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:42:24.032Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "suricata",
"vendor": "OISF",
"versions": [
{
"status": "affected",
"version": "\u003c 7.0.12"
},
{
"status": "affected",
"version": "\u003e= 8.0.0, \u003c 8.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Versions 7.0.11 and below, as well as 8.0.0, are vulnerable to detection bypass when crafted traffic sends multiple SYN packets with different sequence numbers within the same flow tuple, which can cause Suricata to fail to pick up the TCP session. In IDS mode this can lead to a detection and logging bypass. In IPS mode this will lead to the flow getting blocked. This issue is fixed in versions 7.0.12 and 8.0.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-358",
"description": "CWE-358: Improperly Implemented Security Check for Standard",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:27:55.639Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/OISF/suricata/security/advisories/GHSA-v8hv-6v7x-4c2r",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OISF/suricata/security/advisories/GHSA-v8hv-6v7x-4c2r"
},
{
"name": "https://github.com/OISF/suricata/commit/be6315dba0d9101b11d16e9dacfe2822b3792f1b",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OISF/suricata/commit/be6315dba0d9101b11d16e9dacfe2822b3792f1b"
},
{
"name": "https://github.com/OISF/suricata/commit/e91b03c90385db15e21cf1a0e85b921bf92b039e",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OISF/suricata/commit/e91b03c90385db15e21cf1a0e85b921bf92b039e"
},
{
"name": "https://forum.suricata.io/t/suricata-8-0-1-and-7-0-12-released/6018",
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.suricata.io/t/suricata-8-0-1-and-7-0-12-released/6018"
}
],
"source": {
"advisory": "GHSA-v8hv-6v7x-4c2r",
"discovery": "UNKNOWN"
},
"title": "Suricata is Vulnerable to Detection Bypass via Crafted Multiple SYN Packets"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-59147",
"datePublished": "2025-10-01T19:27:55.639Z",
"dateReserved": "2025-09-09T15:23:16.326Z",
"dateUpdated": "2025-10-01T19:42:24.032Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-29916 (GCVE-0-2025-29916)
Vulnerability from cvelistv5
Published
2025-04-10 20:03
Modified
2025-04-10 20:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Summary
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Datasets declared in rules have an option to specify the `hashsize` to use. This size setting isn't properly limited, so the hash table allocation can be large. Untrusted rules can lead to large memory allocations, potentially leading to denial of service due to resource starvation. This vulnerability is fixed in 7.0.9.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-29916",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-10T20:20:50.504730Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-10T20:21:27.471Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "suricata",
"vendor": "OISF",
"versions": [
{
"status": "affected",
"version": "\u003c 7.0.9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Datasets declared in rules have an option to specify the `hashsize` to use. This size setting isn\u0027t properly limited, so the hash table allocation can be large. Untrusted rules can lead to large memory allocations, potentially leading to denial of service due to resource starvation. This vulnerability is fixed in 7.0.9."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770: Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-10T20:03:16.834Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/OISF/suricata/security/advisories/GHSA-27g3-pmvp-j9cv",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OISF/suricata/security/advisories/GHSA-27g3-pmvp-j9cv"
},
{
"name": "https://github.com/OISF/suricata/commit/a7713db709b8a0be5fc5e5809ab58e9b14a16e85",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OISF/suricata/commit/a7713db709b8a0be5fc5e5809ab58e9b14a16e85"
},
{
"name": "https://redmine.openinfosecfoundation.org/issues/7615",
"tags": [
"x_refsource_MISC"
],
"url": "https://redmine.openinfosecfoundation.org/issues/7615"
}
],
"source": {
"advisory": "GHSA-27g3-pmvp-j9cv",
"discovery": "UNKNOWN"
},
"title": "Suricata datasets: ruleset declared settings can lead to resource starvation"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-29916",
"datePublished": "2025-04-10T20:03:16.834Z",
"dateReserved": "2025-03-12T13:42:22.135Z",
"dateUpdated": "2025-04-10T20:21:27.471Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47522 (GCVE-0-2024-47522)
Vulnerability from cvelistv5
Published
2024-10-16 19:40
Modified
2025-09-25 16:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-617 - Reachable Assertion
Summary
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, invalid ALPN in TLS/QUIC traffic when JA4 matching/logging is enabled can lead to Suricata aborting with a panic. This issue has been addressed in 7.0.7. One may disable ja4 as a workaround.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "suricata",
"vendor": "oisf",
"versions": [
{
"lessThan": "7.0.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47522",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-16T20:09:30.525598Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-16T20:10:30.521Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-09-25T16:46:37.848Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.vicarius.io/vsociety/posts/cve-2024-47522-detect-suricata-vulnerability"
},
{
"url": "https://www.vicarius.io/vsociety/posts/cve-2024-47522-mitigate-suricata-vulnerability"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"product": "suricata",
"vendor": "OISF",
"versions": [
{
"status": "affected",
"version": "\u003c 7.0.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, invalid ALPN in TLS/QUIC traffic when JA4 matching/logging is enabled can lead to Suricata aborting with a panic. This issue has been addressed in 7.0.7. One may disable ja4 as a workaround."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-617",
"description": "CWE-617: Reachable Assertion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-16T19:40:32.172Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/OISF/suricata/security/advisories/GHSA-w5xv-6586-jpm7",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OISF/suricata/security/advisories/GHSA-w5xv-6586-jpm7"
},
{
"name": "https://redmine.openinfosecfoundation.org/issues/7267",
"tags": [
"x_refsource_MISC"
],
"url": "https://redmine.openinfosecfoundation.org/issues/7267"
}
],
"source": {
"advisory": "GHSA-w5xv-6586-jpm7",
"discovery": "UNKNOWN"
},
"title": "Suricata ja4: invalid alpn leads to panic"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-47522",
"datePublished": "2024-10-16T19:40:32.172Z",
"dateReserved": "2024-09-25T21:46:10.928Z",
"dateUpdated": "2025-09-25T16:46:37.848Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-55629 (GCVE-0-2024-55629)
Vulnerability from cvelistv5
Published
2025-01-06 18:04
Modified
2025-01-06 18:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-437 - Incomplete Model of Endpoint Features
Summary
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, TCP streams with TCP urgent data (out of band data) can lead to Suricata analyzing data differently than the applications at the TCP endpoints, leading to possible evasions. Suricata 7.0.8 includes options to allow users to configure how to handle TCP urgent data. In IPS mode, you can use a rule such as drop tcp any any -> any any (sid:1; tcp.flags:U*;) to drop all the packets with urgent flag set.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-55629",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-06T18:51:44.782998Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-06T18:51:58.364Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "suricata",
"vendor": "OISF",
"versions": [
{
"status": "affected",
"version": "\u003c 7.0.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, TCP streams with TCP urgent data (out of band data) can lead to Suricata analyzing data differently than the applications at the TCP endpoints, leading to possible evasions. Suricata 7.0.8 includes options to allow users to configure how to handle TCP urgent data. In IPS mode, you can use a rule such as drop tcp any any -\u003e any any (sid:1; tcp.flags:U*;) to drop all the packets with urgent flag set."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-437",
"description": "CWE-437: Incomplete Model of Endpoint Features",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-06T18:04:08.180Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/OISF/suricata/security/advisories/GHSA-69wr-vhwg-84h2",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OISF/suricata/security/advisories/GHSA-69wr-vhwg-84h2"
},
{
"name": "https://github.com/OISF/suricata/commit/6882bcb3e51bd3cf509fb6569cc30f48d7bb53d7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OISF/suricata/commit/6882bcb3e51bd3cf509fb6569cc30f48d7bb53d7"
},
{
"name": "https://github.com/OISF/suricata/commit/779f9d8ba35c3f9b5abfa327d3a4209861bd2eb8",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OISF/suricata/commit/779f9d8ba35c3f9b5abfa327d3a4209861bd2eb8"
},
{
"name": "https://redmine.openinfosecfoundation.org/issues/7411",
"tags": [
"x_refsource_MISC"
],
"url": "https://redmine.openinfosecfoundation.org/issues/7411"
}
],
"source": {
"advisory": "GHSA-69wr-vhwg-84h2",
"discovery": "UNKNOWN"
},
"title": "Suricata generic detection bypass using TCP urgent support"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-55629",
"datePublished": "2025-01-06T18:04:08.180Z",
"dateReserved": "2024-12-09T17:48:05.557Z",
"dateUpdated": "2025-01-06T18:51:58.364Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}