CERTFR-2025-AVI-0796
Vulnerability from certfr_avis
Multiple vulnerabilities have been discovered in Suricata. They allow an attacker to cause a security problem not specified by the vendor.
Solutions
Refer to the vendor's security bulletin to obtain the fixes (see the Documentation section).
Impacted products
References
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "Suricata versions ant\u00e9rieures \u00e0 7.0.12", "product": { "name": "Suricata", "vendor": { "name": "Suricata", "scada": false } } }, { "description": "Suricata versions 8.x ant\u00e9rieures \u00e0 8.0.1", "product": { "name": "Suricata", "vendor": { "name": "Suricata", "scada": false } } } ], "affected_systems_content": "", "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).", "cves": [ { "name": "CVE-2025-59149", "url": "https://www.cve.org/CVERecord?id=CVE-2025-59149" }, { "name": "CVE-2025-59150", "url": "https://www.cve.org/CVERecord?id=CVE-2025-59150" }, { "name": "CVE-2025-59147", "url": "https://www.cve.org/CVERecord?id=CVE-2025-59147" }, { "name": "CVE-2025-59148", "url": "https://www.cve.org/CVERecord?id=CVE-2025-59148" } ], "initial_release_date": "2025-09-17T00:00:00", "last_revision_date": "2025-09-17T00:00:00", "links": [], "reference": "CERTFR-2025-AVI-0796", "revisions": [ { "description": "Version initiale", "revision_date": "2025-09-17T00:00:00.000000" } ], "risks": [ { "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Suricata. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.", "title": "Multiples vuln\u00e9rabilit\u00e9s dans Suricata", "vendor_advisories": [ { "published_at": "2025-09-16", "title": "Bulletin de s\u00e9curit\u00e9 Suricata suricata-8-0-1-and-7-0-12-released", "url": "https://suricata.io/2025/09/16/suricata-8-0-1-and-7-0-12-released/" } ] }
CVE-2025-59147 (GCVE-0-2025-59147)
Vulnerability from cvelistv5
Published
2025-10-01 19:27
Modified
2025-10-01 19:42
CWE
- CWE-358 - Improperly Implemented Security Check for Standard
Summary
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Versions 7.0.11 and below, as well as 8.0.0, are vulnerable to detection bypass when crafted traffic sends multiple SYN packets with different sequence numbers within the same flow tuple, which can cause Suricata to fail to pick up the TCP session. In IDS mode this can lead to a detection and logging bypass. In IPS mode this will lead to the flow getting blocked. This issue is fixed in versions 7.0.12 and 8.0.1.
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-59147", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-10-01T19:42:12.196265Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-10-01T19:42:24.032Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "suricata", "vendor": "OISF", "versions": [ { "status": "affected", "version": "\u003c 7.0.12" }, { "status": "affected", "version": "\u003e= 8.0.0, \u003c 8.0.1" } ] } ], "descriptions": [ { "lang": "en", "value": "Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Versions 7.0.11 and below, as well as 8.0.0, are vulnerable to detection bypass when crafted traffic sends multiple SYN packets with different sequence numbers within the same flow tuple, which can cause Suricata to fail to pick up the TCP session. In IDS mode this can lead to a detection and logging bypass. In IPS mode this will lead to the flow getting blocked. This issue is fixed in versions 7.0.12 and 8.0.1." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-358", "description": "CWE-358: Improperly Implemented Security Check for Standard", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-10-01T19:27:55.639Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/OISF/suricata/security/advisories/GHSA-v8hv-6v7x-4c2r", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/OISF/suricata/security/advisories/GHSA-v8hv-6v7x-4c2r" }, { "name": "https://github.com/OISF/suricata/commit/be6315dba0d9101b11d16e9dacfe2822b3792f1b", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/OISF/suricata/commit/be6315dba0d9101b11d16e9dacfe2822b3792f1b" }, { "name": "https://github.com/OISF/suricata/commit/e91b03c90385db15e21cf1a0e85b921bf92b039e", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/OISF/suricata/commit/e91b03c90385db15e21cf1a0e85b921bf92b039e" }, { "name": "https://forum.suricata.io/t/suricata-8-0-1-and-7-0-12-released/6018", "tags": [ "x_refsource_MISC" ], "url": "https://forum.suricata.io/t/suricata-8-0-1-and-7-0-12-released/6018" } ], "source": { "advisory": "GHSA-v8hv-6v7x-4c2r", "discovery": "UNKNOWN" }, "title": "Suricata is Vulnerable to Detection Bypass via Crafted Multiple SYN Packets" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2025-59147", "datePublished": "2025-10-01T19:27:55.639Z", "dateReserved": "2025-09-09T15:23:16.326Z", "dateUpdated": "2025-10-01T19:42:24.032Z", "state": 
"PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-59148 (GCVE-0-2025-59148)
Vulnerability from cvelistv5
Published
2025-10-01 19:51
Modified
2025-10-01 19:58
CWE
- CWE-476 - NULL Pointer Dereference
Summary
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Versions 8.0.0 and below incorrectly handle the entropy keyword when not anchored to a "sticky" buffer, which can lead to a segmentation fault. This issue is fixed in version 8.0.1. To work around this issue, users can disable rules using the entropy keyword, or validate they are anchored to a sticky buffer.
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-59148", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-10-01T19:58:02.145694Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-10-01T19:58:13.158Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "suricata", "vendor": "OISF", "versions": [ { "status": "affected", "version": "\u003c 8.0.1" } ] } ], "descriptions": [ { "lang": "en", "value": "Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Versions 8.0.0 and below incorrectly handle the entropy keyword when not anchored to a \"sticky\" buffer, which can lead to a segmentation fault. This issue is fixed in version 8.0.1. To workaround this issue, users can disable rules using the entropy keyword, or validate they are anchored to a sticky buffer." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "CWE-476: NULL Pointer Dereference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-10-01T19:51:27.388Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/OISF/suricata/security/advisories/GHSA-5qf6-92xg-3rr3", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/OISF/suricata/security/advisories/GHSA-5qf6-92xg-3rr3" }, { "name": "https://github.com/OISF/suricata/commit/9f32550e18f97ea5d610dd7c36aab0ba142c096c", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/OISF/suricata/commit/9f32550e18f97ea5d610dd7c36aab0ba142c096c" }, { "name": "https://forum.suricata.io/t/suricata-8-0-1-and-7-0-12-released/6018", "tags": [ "x_refsource_MISC" ], "url": "https://forum.suricata.io/t/suricata-8-0-1-and-7-0-12-released/6018" }, { "name": "https://redmine.openinfosecfoundation.org/issues/7838", "tags": [ "x_refsource_MISC" ], "url": "https://redmine.openinfosecfoundation.org/issues/7838" } ], "source": { "advisory": "GHSA-5qf6-92xg-3rr3", "discovery": "UNKNOWN" }, "title": "Suricata\u0027s improper use of entropy keyword can lead to a NULL-ptr deref" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2025-59148", "datePublished": "2025-10-01T19:51:27.388Z", "dateReserved": "2025-09-09T15:23:16.326Z", "dateUpdated": "2025-10-01T19:58:13.158Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-59150 (GCVE-0-2025-59150)
Vulnerability from cvelistv5
Published
2025-10-01 20:23
Modified
2025-10-02 15:54
CWE
- CWE-476 - NULL Pointer Dereference
Summary
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Version 8.0.0's usage of the tls.subjectaltname keyword can lead to a segmentation fault when the decoded subjectaltname contains a NULL byte. This issue is fixed in version 8.0.1. To work around this issue, disable rules using the tls.subjectaltname keyword.
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-59150", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-10-02T15:39:20.519524Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-10-02T15:54:30.373Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "suricata", "vendor": "OISF", "versions": [ { "status": "affected", "version": "\u003e= 8.0.0, \u003c 8.0.1" } ] } ], "descriptions": [ { "lang": "en", "value": "Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Version 8.0.0\u0027s usage of the tls.subjectaltname keyword can lead to a segmentation fault when the decoded subjectaltname contains a NULL byte. This issue is fixed in version 8.0.1. To workaround this issue, disable rules using the tls.subjectaltname keyword." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "CWE-476: NULL Pointer Dereference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-10-01T20:24:28.157Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/OISF/suricata/security/advisories/GHSA-mhv7-qfmj-m3f3", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/OISF/suricata/security/advisories/GHSA-mhv7-qfmj-m3f3" }, { "name": "https://github.com/OISF/suricata/commit/d590fdfe42e995fd558315f0c24f9a352e21479d", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/OISF/suricata/commit/d590fdfe42e995fd558315f0c24f9a352e21479d" }, { "name": "https://forum.suricata.io/t/suricata-8-0-1-and-7-0-12-released/6018", "tags": [ "x_refsource_MISC" ], "url": "https://forum.suricata.io/t/suricata-8-0-1-and-7-0-12-released/6018" }, { "name": "https://redmine.openinfosecfoundation.org/issues/7881", "tags": [ "x_refsource_MISC" ], "url": "https://redmine.openinfosecfoundation.org/issues/7881" } ], "source": { "advisory": "GHSA-mhv7-qfmj-m3f3", "discovery": "UNKNOWN" }, "title": "Suricata: Keyword tls.subjectaltname can lead to NULL-ptr deref" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2025-59150", "datePublished": "2025-10-01T20:23:54.207Z", "dateReserved": "2025-09-09T15:23:16.326Z", "dateUpdated": "2025-10-02T15:54:30.373Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-59149 (GCVE-0-2025-59149)
Vulnerability from cvelistv5
Published
2025-10-01 20:07
Modified
2025-10-01 20:17
CWE
- CWE-121 - Stack-based Buffer Overflow
Summary
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In version 8.0.0, rules using keyword ldap.responses.attribute_type (which is long) with transforms can lead to a stack buffer overflow during Suricata startup or during a rule reload. This issue is fixed in version 8.0.1. To work around this issue, users can disable rules with ldap.responses.attribute_type and transforms.
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-59149", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-10-01T20:17:30.332253Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-10-01T20:17:41.659Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "suricata", "vendor": "OISF", "versions": [ { "status": "affected", "version": "\u003e= 8.0.0, \u003c 8.0.1" } ] } ], "descriptions": [ { "lang": "en", "value": "Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In version 8.0.0, rules using keyword ldap.responses.attribute_type (which is long) with transforms can lead to a stack buffer overflow during Suricata startup or during a rule reload. This issue is fixed in version 8.0.1. To workaround this issue, users can disable rules with ldap.responses.attribute_type and transforms." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121: Stack-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-10-01T20:07:44.042Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/OISF/suricata/security/advisories/GHSA-vxcg-38x4-gj7j", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/OISF/suricata/security/advisories/GHSA-vxcg-38x4-gj7j" }, { "name": "https://github.com/OISF/suricata/commit/38a2cba5c397002047d84645f5ab770ff88020e1", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/OISF/suricata/commit/38a2cba5c397002047d84645f5ab770ff88020e1" }, { "name": "https://forum.suricata.io/t/suricata-8-0-1-and-7-0-12-released/6018", "tags": [ "x_refsource_MISC" ], "url": "https://forum.suricata.io/t/suricata-8-0-1-and-7-0-12-released/6018" }, { "name": "https://redmine.openinfosecfoundation.org/issues/7861", "tags": [ "x_refsource_MISC" ], "url": "https://redmine.openinfosecfoundation.org/issues/7861" } ], "source": { "advisory": "GHSA-vxcg-38x4-gj7j", "discovery": "UNKNOWN" }, "title": "Suricata: Stack buffer overflow in rule parser when processing long keywords with transforms" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2025-59149", "datePublished": "2025-10-01T20:07:44.042Z", "dateReserved": "2025-09-09T15:23:16.326Z", "dateUpdated": "2025-10-01T20:17:41.659Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" 
}
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.