CVE-2025-29916

Опубликовано: 10 апр. 2025

Источник: nvd

CVSS3: 6.2

CVSS3: 5.5

EPSS Низкий

Описание

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Datasets declared in rules have an option to specify the hashsize to use. This size setting isn't properly limited, so the hash table allocation can be large. Untrusted rules can lead to large memory allocations, potentially leading to denial of service due to resource starvation. This vulnerability is fixed in 7.0.9.

Ссылки

https://github.com/OISF/suricata/commit/a7713db709b8a0be5fc5e5809ab58e9b14a16e85
Patch
https://github.com/OISF/suricata/security/advisories/GHSA-27g3-pmvp-j9cv
Vendor Advisory
https://redmine.openinfosecfoundation.org/issues/7615
Permissions Required

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*

Версия до 7.0.9 (исключая)

EPSS

Процентиль: 20%

0.00063

Низкий

6.2 Medium

CVSS3

5.5 Medium

CVSS3

Дефекты

CWE-770

Связанные уязвимости

CVE-2025-29916

CVSS3: 6.2

ubuntu

10 месяцев назад

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Datasets declared in rules have an option to specify the `hashsize` to use. This size setting isn't properly limited, so the hash table allocation can be large. Untrusted rules can lead to large memory allocations, potentially leading to denial of service due to resource starvation. This vulnerability is fixed in 7.0.9.

CVE-2025-29916

CVSS3: 6.2

debian

10 месяцев назад

Suricata is a network Intrusion Detection System, Intrusion Prevention ...

BDU:2025-03843

CVSS3: 7.3

fstec

11 месяцев назад

Уязвимость системы обнаружения и предотвращения вторжений Suricata, связанная с недостаточной проверкой входных данных, позволяющая нарушителю обойти ограничения безопасности и выполнить произвольный код

EPSS

Процентиль: 20%

0.00063

Низкий

6.2 Medium

CVSS3

5.5 Medium

CVSS3

Дефекты

CWE-770