Oisf Suricata vulnerabilities
85 known vulnerabilities affecting oisf/suricata.
Total CVEs
85
CISA KEV
0
Public exploits
1
Exploited in wild
1
Severity breakdown
CRITICAL12HIGH58MEDIUM15
Vulnerabilities
Page 5 of 5
CVE-2024-55626P4MEDIUMCVSS 5.5fixed in 7.0.82025-01-06
CVE-2024-55626 [MEDIUM] CWE-680 CVE-2024-55626: Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security M
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, a large BPF filter file provided to Suricata at startup can lead to a buffer overflow at Suricata startup. The issue has been addressed in Suricata 7.0.8.
nvdosv
CVE-2025-29917P4MEDIUMCVSS 5.5fixed in 7.0.92025-04-10
CVE-2025-29917 [MEDIUM] CWE-770 CVE-2025-29917: Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security M
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. The bytes setting in the decode_base64 keyword is not properly limited. Due to this, signatures using the keyword and setting can cause large memory allocations of up to 4 GiB per thread. This vulnerability is fixed in 7.0.9.
nvdosv
CVE-2025-29916P4MEDIUMCVSS 5.5fixed in 7.0.92025-04-10
CVE-2025-29916 [MEDIUM] CWE-770 CVE-2025-29916: Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security M
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Datasets declared in rules have an option to specify the `hashsize` to use. This size setting isn't properly limited, so the hash table allocation can be large. Untrusted rules can lead to large memory allocations, potentially leadin
nvdosv
CVE-2013-5919P4MEDIUMCVSS 5.0v1.3v1.3.1+10 more2014-05-30
CVE-2013-5919 [MEDIUM] CWE-20 CVE-2013-5919: Suricata before 1.4.6 allows remote attackers to cause a denial of service (crash) via a malformed S
Suricata before 1.4.6 allows remote attackers to cause a denial of service (crash) via a malformed SSL record.
nvdosv
CVE-2015-0971P4MEDIUMCVSS 5.0≥ 0, < 2.0.8-12015-05-14
CVE-2015-0971 [MEDIUM] CVE-2015-0971: The DER parser in Suricata before 2
The DER parser in Suricata before 2.0.8 allows remote attackers to cause a denial of service (crash) via vectors related to SSL/TLS certificates.
osv
← Previous5 / 5