Skip to main content

Suricata

68 CVEs product

Monthly

CVE-2026-59674 HIGH PATCH This Week

Local privilege escalation in the openSUSE Tumbleweed packaging of Suricata allows the unprivileged 'suricata' service account to gain root through a symbolic-link following flaw (CWE-61) in files or directories the package manages with predictable, service-writable paths. Any actor already holding the suricata user context - for example via a compromised or misconfigured IDS/IPS process - can plant a symlink that redirects a root-executed operation to a target of their choosing, yielding full system compromise. The CVSS 4.0 exploit-maturity metric is set to Proof-of-Concept (E:P); there is no evidence of active exploitation in CISA KEV, and no public exploit identified at time of analysis.

Privilege Escalation Suricata Opensuse Tumbleweed
NVD
CVSS 4.0
7.1
EPSS
0.1%
CVE-2026-22264 HIGH PATCH This Week

Heap use-after-free in Suricata prior to versions 8.0.3 and 7.0.14 can be triggered via integer overflow when processing packets that generate excessive alert conditions, allowing an attacker to crash the IDS/IPS engine or potentially achieve code execution. Affected deployments using large rulesets are at risk when processing malicious or crafted network traffic designed to trigger simultaneous signature matches. Patches are available for both affected versions.

Use After Free Integer Overflow Suricata Suse
NVD GitHub
CVSS 3.1
7.4
EPSS
0.1%
CVE-2026-22263 MEDIUM PATCH This Month

Suricata versions up to 8.0.3 contains a vulnerability that allows attackers to slowdown over multiple packets (CVSS 5.3).

Information Disclosure Suricata Red Hat Suse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-22262 MEDIUM PATCH This Month

Suricata versions prior to 8.0.3 and 7.0.14 are vulnerable to a stack buffer overflow when processing oversized datasets with the save or state options enabled, allowing an attacker with network access to cause a denial of service. The vulnerability requires specific conditions to trigger but does not require authentication or user interaction. A patch is available in the latest versions.

Stack Overflow Suricata Red Hat Suse
NVD GitHub
CVSS 3.1
5.9
EPSS
0.1%
CVE-2026-22261 LOW PATCH Monitor

Suricata versions up to 8.0.3 contains a vulnerability that allows attackers to severe slowdowns (CVSS 3.7).

Information Disclosure Suricata
NVD GitHub
CVSS 3.1
3.7
EPSS
0.1%
CVE-2026-22260 HIGH PATCH This Week

Suricata versions 8.0.0 through 8.0.2 are susceptible to a stack overflow crash when processing network traffic with improperly configured body size limits. An unauthenticated remote attacker can trigger a denial of service by sending crafted requests that exceed the application's stack capacity. A patch is available in version 8.0.3, or administrators can apply the workaround of using default values for request-body-limit and response-body-limit configurations.

Stack Overflow Denial Of Service Suricata Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-22259 HIGH PATCH This Week

Suricata versions prior to 8.0.3 and 7.0.14 are vulnerable to a denial of service condition where specially crafted DNP3 traffic triggers excessive memory consumption, potentially exhausting system memory and causing the service to crash. An unauthenticated attacker on the network can exploit this by sending malicious DNP3 packets to cause the IDS/IPS engine to become unavailable. A patch is available in the latest versions, and users can mitigate the risk by disabling the DNP3 parser if not required.

Denial Of Service Suricata Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-22258 HIGH PATCH This Week

Uncontrolled buffer expansion in Suricata's DCERPC parser allows remote attackers to trigger unbounded memory allocation and cause denial of service by sending specially crafted DCERPC traffic. The vulnerability affects versions prior to 8.0.3 and 7.0.14 across DCERPC/UDP, DCERPC/TCP, and SMB protocols, with TCP being partially protected by default stream depth limits. Patches are available, and administrators can mitigate by disabling vulnerable parsers or configuring stream reassembly depth limits.

Denial Of Service Suricata Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-64344 HIGH PATCH This Week

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Stack Overflow Buffer Overflow Suricata Red Hat Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-64335 HIGH PATCH This Week

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Suricata Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-64334 HIGH PATCH This Week

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Suricata Red Hat Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-64333 HIGH PATCH This Week

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Suricata Red Hat Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-64332 HIGH PATCH This Week

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Stack Overflow Buffer Overflow Suricata Red Hat Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-64331 HIGH PATCH This Week

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Suricata Red Hat Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-64330 HIGH PATCH This Week

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Heap Overflow Suricata Red Hat Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-59150 HIGH POC PATCH This Week

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Version 8.0.0's usage of the tls.subjectaltname keyword can lead to a segmentation fault when the decoded subjectaltname contains a NULL byte. This issue is fixed in version 8.0.1. To workaround this issue, disable rules using the tls.subjectaltname keyword.

Denial Of Service Null Pointer Dereference Ubuntu Debian Suricata +1
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-59149 MEDIUM PATCH This Month

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In version 8.0.0, rules using keyword ldap.responses.attribute_type (which is long) with transforms can lead to a stack buffer overflow during Suricata startup or during a rule reload. This issue is fixed in version 8.0.1. To workaround this issue, users can disable rules with ldap.responses.attribute_type and transforms.

Stack Overflow Buffer Overflow Ubuntu Debian Suricata +1
NVD GitHub
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-59148 HIGH PATCH This Week

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Versions 8.0.0 and below incorrectly handle the entropy keyword when not anchored to a "sticky" buffer, which can lead to a segmentation fault. This issue is fixed in version 8.0.1. To workaround this issue, users can disable rules using the entropy keyword, or validate they are anchored to a sticky buffer.

Denial Of Service Null Pointer Dereference Ubuntu Debian Suricata +1
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-59147 HIGH PATCH This Week

A security vulnerability in Suricata (CVSS 7.5). High severity vulnerability requiring prompt remediation. Vendor patch is available.

Authentication Bypass Ubuntu Debian Suricata Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-34178 MEDIUM PATCH This Month

In pfSense CE /suricata/suricata_app_parsers.php, the value of the policy_name parameter is not sanitized of HTML-related strings/characters before being directly displayed. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

PHP XSS Pfsense Suricata
NVD GitHub
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-34177 MEDIUM PATCH This Month

In pfSense CE /suricata/suricata_flow_stream.php, the value of the policy_name parameter is not sanitized of HTML-related strings/characters before being directly displayed. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

PHP XSS Pfsense Suricata
NVD GitHub
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-34176 MEDIUM PATCH This Month

In pfSense CE /suricata/suricata_ip_reputation.php, the value of the iplist parameter is not sanitized of directory traversal-related strings/characters. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

PHP Path Traversal Pfsense Suricata
NVD GitHub
CVSS 4.0
5.3
EPSS
0.0%
CVE-2025-34175 MEDIUM PATCH This Month

In pfSense CE /usr/local/www/suricata/suricata_filecheck.php, the value of the filehash parameter is directly displayed without sanitizing for HTML-related characters/strings. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

PHP XSS Pfsense Suricata
NVD GitHub
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-29918 MEDIUM PATCH This Month

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Suricata Suse
NVD GitHub
CVSS 3.1
6.2
EPSS
0.1%
CVE-2025-29917 MEDIUM PATCH This Month

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Suricata Suse
NVD GitHub
CVSS 3.1
6.2
EPSS
0.1%
CVE-2025-29916 MEDIUM PATCH This Month

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Suricata Suse
NVD GitHub
CVSS 3.1
6.2
EPSS
0.1%
CVE-2025-29915 HIGH PATCH This Week

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Jwt Attack Information Disclosure Suricata Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-55629 HIGH PATCH This Month

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Suricata Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-55628 HIGH PATCH This Month

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Suricata Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-55627 MEDIUM PATCH This Month

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Heap Overflow Buffer Overflow Suricata Suse
NVD GitHub
CVSS 3.1
5.9
EPSS
0.2%
CVE-2024-55626 LOW PATCH Monitor

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Suricata
NVD GitHub
CVSS 3.1
3.3
EPSS
0.1%
CVE-2024-55605 HIGH PATCH This Month

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Suricata Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-28870 HIGH This Week

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine developed by the OISF and the Suricata community. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Suricata Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-24568 MEDIUM PATCH This Month

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Suricata Fedora
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2024-23839 HIGH PATCH This Week

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Use After Free Suricata Memory Corruption Fedora
NVD GitHub
CVSS 3.1
8.1
EPSS
0.8%
CVE-2024-23836 HIGH PATCH This Week

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Suricata Denial Of Service Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2024-23835 HIGH PATCH This Week

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Suricata Denial Of Service Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-35853 CRITICAL PATCH Act Now

In Suricata before 6.0.13, an adversary who controls an external source of Lua rules may be able to execute Lua code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Suricata
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-35852 HIGH PATCH This Week

In Suricata before 6.0.13 (when there is an adversary who controls an external source of rules), a dataset filename, that comes from a rule, may trigger absolute or relative directory traversal, and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Suricata
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-45098 HIGH POC PATCH This Week

An issue was discovered in Suricata before 6.0.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Suricata Authentication Bypass Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2021-37592 CRITICAL Act Now

Suricata before 5.0.8 and 6.x before 6.0.4 allows TCP evasion via a client with a crafted TCP/IP stack that can send a certain sequence of segments. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Suricata Memory Corruption
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2021-35063 HIGH This Week

Suricata before 5.0.7 and 6.x before 6.0.3 has a "critical evasion.". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Suricata Information Disclosure Debian Linux Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
2.0%
CVE-2019-17420 MEDIUM PATCH This Month

In OISF LibHTP before 0.5.31, as used in Suricata 4.1.4 and other products, an HTTP protocol parsing error causes the http_header signature to not alert on a response with a single \r\n ending. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Suricata Libhtp
NVD GitHub
CVSS 3.1
5.3
EPSS
1.4%
CVE-2019-16411 CRITICAL Act Now

An issue was discovered in Suricata 4.1.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Suricata
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2019-16410 CRITICAL Act Now

An issue was discovered in Suricata 4.1.4. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Suricata
NVD
CVSS 3.1
9.1
EPSS
2.1%
CVE-2019-15699 CRITICAL Act Now

An issue was discovered in app-layer-ssl.c in Suricata 4.1.4. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Suricata
NVD
CVSS 3.1
9.1
EPSS
1.6%
CVE-2019-10056 HIGH POC This Week

An issue was discovered in Suricata 4.1.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Suricata Buffer Overflow Memory Corruption
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2019-10055 HIGH POC This Week

An issue was discovered in Suricata 4.1.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Integer Overflow Suricata
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2019-10054 HIGH POC This Week

An issue was discovered in Suricata 4.1.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Suricata
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2019-10052 HIGH POC This Week

An issue was discovered in Suricata 4.1.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Suricata
NVD
CVSS 3.0
7.5
EPSS
2.1%
CVE-2019-10051 HIGH POC This Week

An issue was discovered in Suricata 4.1.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Suricata
NVD GitHub
CVSS 3.0
7.5
EPSS
2.1%
CVE-2019-1010279 HIGH POC PATCH This Week

Open Information Security Foundation Suricata prior to version 4.1.3 is affected by: Denial of Service - TCP/HTTP detection bypass. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Jwt Attack Denial Of Service Suricata
NVD GitHub
CVSS 3.0
7.5
EPSS
1.5%
CVE-2019-1010251 HIGH PATCH This Week

Open Information Security Foundation Suricata prior to version 4.1.2 is affected by: Denial of Service - DNS detection bypass. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Suricata
NVD GitHub
CVSS 3.0
7.5
EPSS
2.1%
CVE-2019-10053 CRITICAL PATCH Act Now

An issue was discovered in Suricata 4.1.x before 4.1.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Suricata
NVD
CVSS 3.0
9.8
EPSS
1.7%
CVE-2019-10050 HIGH PATCH This Week

A buffer over-read issue was discovered in Suricata 4.1.x before 4.1.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Suricata
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2018-18956 HIGH This Week

The ProcessMimeEntity function in util-decode-mime.c in Suricata 4.x before 4.0.6 allows remote attackers to cause a denial of service (segfault and daemon crash) via crafted input to the SMTP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Suricata Denial Of Service Buffer Overflow
NVD
CVSS 3.0
7.5
EPSS
2.8%
CVE-2018-14568 HIGH POC PATCH This Week

Suricata before 4.0.5 stops TCP stream inspection upon a TCP RST from a server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Microsoft Suricata
NVD GitHub
CVSS 3.0
7.5
EPSS
2.0%
CVE-2018-1000167 PyPI HIGH POC PATCH This Week

OISF suricata-update version 1.0.0a1 contains an Insecure Deserialization vulnerability in the insecure yaml.load-Function as used in the following files: config.py:136, config.py:142, sources.py:99. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Suricata Deserialization RCE Suricata Update
NVD
CVSS 3.0
7.8
EPSS
4.2%
CVE-2018-6794 MEDIUM POC PATCH THREAT This Month

Suricata before 4.0.4 is prone to an HTTP detection bypass vulnerability in detect.c and stream-tcp.c. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Suricata Debian Linux
NVD GitHub Exploit-DB
CVSS 3.0
5.3
EPSS
24.7%
CVE-2017-15377 HIGH This Week

In Suricata before 4.x, it was possible to trigger lots of redundant checks on the content of crafted network traffic with a certain signature, because of DetectEngineContentInspection in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Suricata Information Disclosure
NVD GitHub
CVSS 3.0
7.5
EPSS
0.5%
CVE-2015-8954 CRITICAL Act Now

The MemcmpLowercase function in Suricata before 2.0.6 improperly excludes the first byte from comparisons, which might allow remote attackers to bypass intrusion-prevention functionality via a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Suricata Privilege Escalation
NVD
CVSS 3.0
9.8
EPSS
1.9%
CVE-2017-7177 HIGH PATCH This Week

Suricata before 3.2.1 has an IPv4 defragmentation evasion issue caused by lack of a check for the IP protocol during fragment matching. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Suricata Information Disclosure
NVD GitHub
CVSS 3.0
7.5
EPSS
0.2%
CVE-2014-9769 HIGH This Week

pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Suricata Buffer Overflow Pcre
NVD
CVSS 3.0
7.3
EPSS
0.9%
CVE-2015-0971 MEDIUM PATCH This Month

The DER parser in Suricata before 2.0.8 allows remote attackers to cause a denial of service (crash) via vectors related to SSL/TLS certificates. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Suricata Debian Linux
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2014-6603 MEDIUM POC This Month

The SSHParseBanner function in SSH parser (app-layer-ssh.c) in Suricata before 2.0.4 allows remote attackers to bypass SSH rules, cause a denial of service (crash), or possibly have unspecified other. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Suricata Buffer Overflow
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2014-4696 MEDIUM This Month

Multiple open redirect vulnerabilities in the Suricata package before 1.0.6 for pfSense through 2.1.4 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

PHP Suricata Open Redirect Pfsense Suricata Package
NVD
CVSS 2.0
5.8
EPSS
0.0%
CVE-2014-4694 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in suricata_select_alias.php in the Suricata package before 1.0.6 for pfSense through 2.1.4 allow remote attackers to inject arbitrary web script. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS PHP Suricata Pfsense Suricata Package
NVD
CVSS 2.0
4.3
EPSS
0.1%
CVE-2013-5919 MEDIUM PATCH This Month

Suricata before 1.4.6 allows remote attackers to cause a denial of service (crash) via a malformed SSL record. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Suricata
NVD
CVSS 2.0
5.0
EPSS
0.9%
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Local privilege escalation in the openSUSE Tumbleweed packaging of Suricata allows the unprivileged 'suricata' service account to gain root through a symbolic-link following flaw (CWE-61) in files or directories the package manages with predictable, service-writable paths. Any actor already holding the suricata user context - for example via a compromised or misconfigured IDS/IPS process - can plant a symlink that redirects a root-executed operation to a target of their choosing, yielding full system compromise. The CVSS 4.0 exploit-maturity metric is set to Proof-of-Concept (E:P); there is no evidence of active exploitation in CISA KEV, and no public exploit identified at time of analysis.

Privilege Escalation Suricata Opensuse Tumbleweed
NVD
EPSS 0% CVSS 7.4
HIGH PATCH This Week

Heap use-after-free in Suricata prior to versions 8.0.3 and 7.0.14 can be triggered via integer overflow when processing packets that generate excessive alert conditions, allowing an attacker to crash the IDS/IPS engine or potentially achieve code execution. Affected deployments using large rulesets are at risk when processing malicious or crafted network traffic designed to trigger simultaneous signature matches. Patches are available for both affected versions.

Use After Free Integer Overflow Suricata +1
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Suricata versions up to 8.0.3 contains a vulnerability that allows attackers to slowdown over multiple packets (CVSS 5.3).

Information Disclosure Suricata Red Hat +1
NVD GitHub
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Suricata versions prior to 8.0.3 and 7.0.14 are vulnerable to a stack buffer overflow when processing oversized datasets with the save or state options enabled, allowing an attacker with network access to cause a denial of service. The vulnerability requires specific conditions to trigger but does not require authentication or user interaction. A patch is available in the latest versions.

Stack Overflow Suricata Red Hat +1
NVD GitHub
EPSS 0% CVSS 3.7
LOW PATCH Monitor

Suricata versions up to 8.0.3 contains a vulnerability that allows attackers to severe slowdowns (CVSS 3.7).

Information Disclosure Suricata
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Suricata versions 8.0.0 through 8.0.2 are susceptible to a stack overflow crash when processing network traffic with improperly configured body size limits. An unauthenticated remote attacker can trigger a denial of service by sending crafted requests that exceed the application's stack capacity. A patch is available in version 8.0.3, or administrators can apply the workaround of using default values for request-body-limit and response-body-limit configurations.

Stack Overflow Denial Of Service Suricata +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Suricata versions prior to 8.0.3 and 7.0.14 are vulnerable to a denial of service condition where specially crafted DNP3 traffic triggers excessive memory consumption, potentially exhausting system memory and causing the service to crash. An unauthenticated attacker on the network can exploit this by sending malicious DNP3 packets to cause the IDS/IPS engine to become unavailable. A patch is available in the latest versions, and users can mitigate the risk by disabling the DNP3 parser if not required.

Denial Of Service Suricata Suse
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Uncontrolled buffer expansion in Suricata's DCERPC parser allows remote attackers to trigger unbounded memory allocation and cause denial of service by sending specially crafted DCERPC traffic. The vulnerability affects versions prior to 8.0.3 and 7.0.14 across DCERPC/UDP, DCERPC/TCP, and SMB protocols, with TCP being partially protected by default stream depth limits. Patches are available, and administrators can mitigate by disabling vulnerable parsers or configuring stream reassembly depth limits.

Denial Of Service Suricata Suse
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Stack Overflow Buffer Overflow Suricata +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Suricata +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Suricata Red Hat +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Suricata +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Stack Overflow Buffer Overflow Suricata +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Suricata +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Heap Overflow Suricata +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Version 8.0.0's usage of the tls.subjectaltname keyword can lead to a segmentation fault when the decoded subjectaltname contains a NULL byte. This issue is fixed in version 8.0.1. To workaround this issue, disable rules using the tls.subjectaltname keyword.

Denial Of Service Null Pointer Dereference Ubuntu +3
NVD GitHub
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In version 8.0.0, rules using keyword ldap.responses.attribute_type (which is long) with transforms can lead to a stack buffer overflow during Suricata startup or during a rule reload. This issue is fixed in version 8.0.1. To workaround this issue, users can disable rules with ldap.responses.attribute_type and transforms.

Stack Overflow Buffer Overflow Ubuntu +3
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Versions 8.0.0 and below incorrectly handle the entropy keyword when not anchored to a "sticky" buffer, which can lead to a segmentation fault. This issue is fixed in version 8.0.1. To workaround this issue, users can disable rules using the entropy keyword, or validate they are anchored to a sticky buffer.

Denial Of Service Null Pointer Dereference Ubuntu +3
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

A security vulnerability in Suricata (CVSS 7.5). High severity vulnerability requiring prompt remediation. Vendor patch is available.

Authentication Bypass Ubuntu Debian +2
NVD GitHub VulDB
EPSS 0% CVSS 5.1
MEDIUM PATCH This Month

In pfSense CE /suricata/suricata_app_parsers.php, the value of the policy_name parameter is not sanitized of HTML-related strings/characters before being directly displayed. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

PHP XSS Pfsense +1
NVD GitHub
EPSS 0% CVSS 5.1
MEDIUM PATCH This Month

In pfSense CE /suricata/suricata_flow_stream.php, the value of the policy_name parameter is not sanitized of HTML-related strings/characters before being directly displayed. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

PHP XSS Pfsense +1
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

In pfSense CE /suricata/suricata_ip_reputation.php, the value of the iplist parameter is not sanitized of directory traversal-related strings/characters. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

PHP Path Traversal Pfsense +1
NVD GitHub
EPSS 0% CVSS 5.1
MEDIUM PATCH This Month

In pfSense CE /usr/local/www/suricata/suricata_filecheck.php, the value of the filehash parameter is directly displayed without sanitizing for HTML-related characters/strings. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

PHP XSS Pfsense +1
NVD GitHub
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Suricata Suse
NVD GitHub
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Suricata Suse
NVD GitHub
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Suricata Suse
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Jwt Attack Information Disclosure Suricata +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Month

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Suricata Suse
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Month

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Suricata Suse
NVD GitHub
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Heap Overflow Buffer Overflow Suricata +1
NVD GitHub
EPSS 0% CVSS 3.3
LOW PATCH Monitor

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Suricata
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Month

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Suricata Suse
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine developed by the OISF and the Suricata community. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Suricata Denial Of Service
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Suricata Fedora
NVD GitHub
EPSS 1% CVSS 8.1
HIGH PATCH This Week

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Use After Free Suricata +2
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Suricata Denial Of Service Fedora
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Suricata Denial Of Service Fedora
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

In Suricata before 6.0.13, an adversary who controls an external source of Lua rules may be able to execute Lua code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Suricata
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

In Suricata before 6.0.13 (when there is an adversary who controls an external source of rules), a dataset filename, that comes from a rule, may trigger absolute or relative directory traversal, and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Suricata
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

An issue was discovered in Suricata before 6.0.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Suricata Authentication Bypass Debian Linux
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL Act Now

Suricata before 5.0.8 and 6.x before 6.0.4 allows TCP evasion via a client with a crafted TCP/IP stack that can send a certain sequence of segments. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Suricata Memory Corruption
NVD GitHub
EPSS 2% CVSS 7.5
HIGH This Week

Suricata before 5.0.7 and 6.x before 6.0.3 has a "critical evasion.". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Suricata Information Disclosure Debian Linux +1
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

In OISF LibHTP before 0.5.31, as used in Suricata 4.1.4 and other products, an HTTP protocol parsing error causes the http_header signature to not alert on a response with a single \r\n ending. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Suricata Libhtp
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL Act Now

An issue was discovered in Suricata 4.1.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Suricata
NVD
EPSS 2% CVSS 9.1
CRITICAL Act Now

An issue was discovered in Suricata 4.1.4. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Suricata
NVD
EPSS 2% CVSS 9.1
CRITICAL Act Now

An issue was discovered in app-layer-ssl.c in Suricata 4.1.4. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Suricata
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

An issue was discovered in Suricata 4.1.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Suricata Buffer Overflow Memory Corruption
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

An issue was discovered in Suricata 4.1.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Integer Overflow Suricata
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

An issue was discovered in Suricata 4.1.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Suricata
NVD
EPSS 2% CVSS 7.5
HIGH POC This Week

An issue was discovered in Suricata 4.1.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Suricata
NVD
EPSS 2% CVSS 7.5
HIGH POC This Week

An issue was discovered in Suricata 4.1.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Suricata
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

Open Information Security Foundation Suricata prior to version 4.1.3 is affected by: Denial of Service - TCP/HTTP detection bypass. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Jwt Attack Denial Of Service Suricata
NVD GitHub
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Open Information Security Foundation Suricata prior to version 4.1.2 is affected by: Denial of Service - DNS detection bypass. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Suricata
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in Suricata 4.1.x before 4.1.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Suricata
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

A buffer over-read issue was discovered in Suricata 4.1.x before 4.1.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Suricata
NVD
EPSS 3% CVSS 7.5
HIGH This Week

The ProcessMimeEntity function in util-decode-mime.c in Suricata 4.x before 4.0.6 allows remote attackers to cause a denial of service (segfault and daemon crash) via crafted input to the SMTP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Suricata Denial Of Service Buffer Overflow
NVD
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

Suricata before 4.0.5 stops TCP stream inspection upon a TCP RST from a server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Microsoft Suricata
NVD GitHub
EPSS 4% CVSS 7.8
HIGH POC PATCH This Week

OISF suricata-update version 1.0.0a1 contains an Insecure Deserialization vulnerability in the insecure yaml.load-Function as used in the following files: config.py:136, config.py:142, sources.py:99. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Suricata Deserialization RCE +1
NVD
EPSS 25% CVSS 5.3
MEDIUM POC PATCH THREAT This Month

Suricata before 4.0.4 is prone to an HTTP detection bypass vulnerability in detect.c and stream-tcp.c. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Suricata Debian Linux
NVD GitHub Exploit-DB
EPSS 1% CVSS 7.5
HIGH This Week

In Suricata before 4.x, it was possible to trigger lots of redundant checks on the content of crafted network traffic with a certain signature, because of DetectEngineContentInspection in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Suricata Information Disclosure
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL Act Now

The MemcmpLowercase function in Suricata before 2.0.6 improperly excludes the first byte from comparisons, which might allow remote attackers to bypass intrusion-prevention functionality via a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Suricata Privilege Escalation
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Suricata before 3.2.1 has an IPv4 defragmentation evasion issue caused by lack of a check for the IP protocol during fragment matching. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Suricata Information Disclosure
NVD GitHub
EPSS 1% CVSS 7.3
HIGH This Week

pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Suricata Buffer Overflow +1
NVD
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

The DER parser in Suricata before 2.0.8 allows remote attackers to cause a denial of service (crash) via vectors related to SSL/TLS certificates. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Suricata Debian Linux
NVD
EPSS 0% CVSS 5.0
MEDIUM POC This Month

The SSHParseBanner function in SSH parser (app-layer-ssh.c) in Suricata before 2.0.4 allows remote attackers to bypass SSH rules, cause a denial of service (crash), or possibly have unspecified other. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Suricata Buffer Overflow
NVD
EPSS 0% CVSS 5.8
MEDIUM This Month

Multiple open redirect vulnerabilities in the Suricata package before 1.0.6 for pfSense through 2.1.4 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

PHP Suricata Open Redirect +2
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in suricata_select_alias.php in the Suricata package before 1.0.6 for pfSense through 2.1.4 allow remote attackers to inject arbitrary web script. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS PHP Suricata +2
NVD
EPSS 1% CVSS 5.0
MEDIUM PATCH This Month

Suricata before 1.4.6 allows remote attackers to cause a denial of service (crash) via a malformed SSL record. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Suricata
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy