Unrated severityNVD Advisory· Published Oct 1, 2025· Updated Oct 23, 2025
Suricata: Keyword tls.subjectaltname can lead to NULL-ptr deref
CVE-2025-59150
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Version 8.0.0's usage of the tls.subjectaltname keyword can lead to a segmentation fault when the decoded subjectaltname contains a NULL byte. This issue is fixed in version 8.0.1. To workaround this issue, disable rules using the tls.subjectaltname keyword.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- forum.suricata.io/t/suricata-8-0-1-and-7-0-12-released/6018mitrex_refsource_MISC
- github.com/OISF/suricata/commit/d590fdfe42e995fd558315f0c24f9a352e21479dmitrex_refsource_MISC
- github.com/OISF/suricata/security/advisories/GHSA-mhv7-qfmj-m3f3mitrex_refsource_CONFIRM
- redmine.openinfosecfoundation.org/issues/7881mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.