6.2

CVE-2025-59149

Suricata: Stack buffer overflow in rule parser when processing long keywords with transforms

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In version 8.0.0, rules using keyword ldap.responses.attribute_type (which is long) with transforms can lead to a stack buffer overflow during Suricata startup or during a rule reload. This issue is fixed in version 8.0.1. To workaround this issue, users can disable rules with ldap.responses.attribute_type and transforms.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OisfSuricata Version8.0.0 Update-
OisfSuricata Version8.0.0 Updatebeta1
OisfSuricata Version8.0.0 Updaterc1
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.19% 0.088
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
security-advisories@github.com 6.2 2.5 3.6
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-121 Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

https://forum.suricata.io/t/suricata-8-0-1-and-7-0-12-released/6018
Release Notes
https://github.com/OISF/suricata/commit/38a2cba5c397002047d84645f5ab770ff88020e1
Patch
https://github.com/OISF/suricata/security/advisories/GHSA-vxcg-38x4-gj7j
Third Party Advisory
Issue Tracking
https://redmine.openinfosecfoundation.org/issues/7861
Issue Tracking