Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2025-29916

Опубликовано: 10 апр. 2025
Источник: debian

Описание

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Datasets declared in rules have an option to specify the `hashsize` to use. This size setting isn't properly limited, so the hash table allocation can be large. Untrusted rules can lead to large memory allocations, potentially leading to denial of service due to resource starvation. This vulnerability is fixed in 7.0.9.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
suricatafixed1:7.0.9-1package
suricatano-dsabookwormpackage

Примечания

  • Fixed by: https://github.com/OISF/suricata/commit/d32a39ca4b53d7f659f4f0a2a5c162ef97dc4797 (master)

  • Fixed by: https://github.com/OISF/suricata/commit/a7713db709b8a0be5fc5e5809ab58e9b14a16e85 (master)

  • Fixed by: https://github.com/OISF/suricata/commit/2f432c99a9734ea3a75c9218f35060e11a7a39ad (suricata-7.0.9)

  • Fixed by: https://github.com/OISF/suricata/commit/e28c8c655a324a18932655a2c2b8f0d5aa1c55d7 (suricata-7.0.9)

  • Fixed by: https://github.com/OISF/suricata/commit/d86c5f9f0c75736d4fce93e27c0773fcb27e1047 (suricata-7.0.9)

Связанные уязвимости

ubuntu логотип

CVE-2025-29916

CVSS3: 6.2
ubuntu
10 месяцев назад

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Datasets declared in rules have an option to specify the `hashsize` to use. This size setting isn't properly limited, so the hash table allocation can be large. Untrusted rules can lead to large memory allocations, potentially leading to denial of service due to resource starvation. This vulnerability is fixed in 7.0.9.

nvd логотип

CVE-2025-29916

CVSS3: 6.2
nvd
10 месяцев назад

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Datasets declared in rules have an option to specify the `hashsize` to use. This size setting isn't properly limited, so the hash table allocation can be large. Untrusted rules can lead to large memory allocations, potentially leading to denial of service due to resource starvation. This vulnerability is fixed in 7.0.9.

fstec логотип

BDU:2025-03843

CVSS3: 7.3
fstec
11 месяцев назад

Уязвимость системы обнаружения и предотвращения вторжений Suricata, связанная с недостаточной проверкой входных данных, позволяющая нарушителю обойти ограничения безопасности и выполнить произвольный код