6.2

CVE-2025-29918

EPSS 0.01%
Published 10.04.2025 21:02:32
Last modified 29.05.2025 15:49:18
Source security-advisories@github.com
Teams watchlist Login
Open Login

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. A PCRE rule can be written that leads to an infinite loop when negated PCRE is used. Packet processing thread becomes stuck in infinite loop limiting visibility and availability in inline mode. This vulnerability is fixed in 7.0.9.

Affected products Warnungen 0 Metrics 3 CWE 1 References 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Data is provided by the National Vulnerability Database (NVD)

Oisf ≫ Suricata Version < 7.0.9

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.01%	0.006

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
security-advisories@github.com	6.2	2.5	3.6	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

https://github.com/OISF/suricata/security/advisories/GHSA-924c-vvm5-9mqx

Vendor Advisory

https://github.com/OISF/suricata/commit/b14c67cbdf25fa6c7ffe0d04ddf3ebe67b12b50b

Patch

https://redmine.openinfosecfoundation.org/issues/7526

Permissions Required

https://nvd.nist.gov/vuln/detail/CVE-2025-29918

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-29918

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-29918

EUVD