📦 Suricata
by OISF
⚠️ Known Vulnerabilities
This vulnerability allows an adversary who controls an external source of Lua rules to execute arbitrary Lua code in Suricata. It affects Suricata installations before version 6.0.13 that use Lua rule...
This vulnerability allows attackers to evade Suricata's TCP traffic inspection by sending a crafted sequence of TCP segments from a malicious client. It affects Suricata installations before version 5...
A stack overflow vulnerability in Suricata's Lua scripting engine allows attackers to cause denial of service or potentially execute arbitrary code by passing large buffers to Lua scripts. This affect...
A heap overflow vulnerability in Suricata's logging functionality can cause crashes when specific alert queue conditions are met. This affects Suricata versions before 7.0.13 and 8.0.2 when verdict lo...
A stack overflow vulnerability in Suricata's SWF decompression feature can cause the IDS/IPS engine to crash when processing malicious SWF files. This affects Suricata installations with SWF decompres...
This vulnerability in Suricata allows an attacker to cause unbounded memory growth by sending specially crafted compressed HTTP data, potentially leading to denial of service (DoS) due to resource exh...
A NULL pointer dereference vulnerability in Suricata's TLS subject alternative name parsing causes segmentation faults when processing malicious TLS certificates containing NULL bytes in subjectaltnam...
CVE-2025-59147 is a detection bypass vulnerability in Suricata where crafted traffic with multiple SYN packets containing different sequence numbers within the same flow tuple can cause Suricata to fa...
A memory handling vulnerability in Suricata's HTTP/2 parser allows uncontrolled memory consumption when processing data on stream 0. This can lead to denial of service through resource exhaustion, cau...
Suricata's default AF_PACKET defrag configuration causes packet truncation when reassembling fragmented packets, leading to incomplete network traffic analysis. This affects all Suricata deployments u...
This vulnerability in Suricata allows attackers to evade detection by using TCP urgent data (out-of-band data) to make Suricata analyze network traffic differently than the actual endpoints. This affe...
This vulnerability in Suricata allows attackers to send specially crafted DNS messages with compressed resource names that can cause excessive resource consumption during decoding. Systems running Sur...
This vulnerability in Suricata allows attackers to cause a denial-of-service by sending specially crafted network traffic that triggers a stack overflow in multiple transform functions. It affects all...
CVE-2024-47188 is a denial-of-service vulnerability in Suricata's thash implementation where missing random seed initialization allows attackers to predict hash table behavior. This enables attackers ...
This vulnerability in Suricata allows an attacker to cause a denial of service by triggering an assertion failure when rules use datasets with the unimplemented 'unset' option. Systems running Suricat...
CVE-2024-38534 is a denial-of-service vulnerability in Suricata where specially crafted Modbus traffic can cause unlimited resource accumulation within a flow, potentially leading to system resource e...
A memory allocation failure in Suricata's HTTP inspection module leads to a NULL pointer dereference and crash when the http.memcap limit is reached. This vulnerability affects all Suricata deployment...
CVE-2024-32663 is a memory exhaustion vulnerability in Suricata's HTTP/2 parser where small amounts of HTTP/2 traffic can cause excessive memory consumption. This affects Suricata deployments running ...
Suricata versions before 6.0.17 and 7.0.4 are vulnerable to a denial-of-service attack when processing excessively long SSH banners. Attackers can cause excessive CPU consumption and generate high-vol...
CVE-2024-23839 is a heap use-after-free vulnerability in Suricata's HTTP header parsing. Attackers can cause memory corruption and potential code execution by sending specially crafted traffic to syst...
CVE-2024-23836 is a resource exhaustion vulnerability in Suricata where attackers can craft malicious network traffic to cause excessive CPU and memory consumption, leading to denial of service. This ...
This vulnerability allows an attacker who controls external Suricata rules to perform directory traversal attacks, potentially writing arbitrary files to the local filesystem. It affects Suricata inst...
This vulnerability allows attackers to bypass HTTP-based intrusion detection signatures in Suricata by sending a crafted RST TCP packet with random TCP options. Affected systems are those running vuln...
A stack buffer overflow vulnerability in Suricata version 8.0.0 allows attackers to potentially execute arbitrary code or cause denial of service. The vulnerability triggers when rules using the ldap...
Suricata's decode_base64 keyword has insufficient memory allocation limits, allowing attackers to trigger excessive memory consumption up to 4GB per thread via specially crafted signatures. This affec...
This vulnerability in Suricata allows an attacker to trigger a large buffer overflow via specially crafted TCP streams, potentially leading to denial of service or remote code execution. It affects al...
This vulnerability in Suricata involves improper handling of IP fragmentation anomalies, which can cause the intrusion detection/prevention system to misapply security rules and policies. This affects...