OISF

All CVEs

86 total · sorted by risk
  • CVE-2026-31937 · High · Apr 2, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Suricata is a network IDS, IPS and NSM engine. Prior to version 7.0.15, inefficiency in DCERPC buffering can lead to a performance degradation. This issue has been patched in version 7.0.15.

  • CVE-2026-31935 · High · Apr 2, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, flooding of crafted HTTP2 continuation frames can lead to memory exhaustion, usually resulting in the Suricata process being shut down by the operating system. This issue has been patched in…

  • CVE-2026-31934 · High · Apr 2, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Suricata is a network IDS, IPS and NSM engine. From version 8.0.0 to before version 8.0.4, there is a quadratic complexity issue when searching for URLs in MIME-encoded messages over SMTP, leading to a performance impact. This issue has been patched in version 8.0.4.

  • CVE-2026-31933 · High · Apr 2, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, specially crafted traffic can cause Suricata to slow down, affecting performance in IDS mode. This issue has been patched in versions 7.0.15 and 8.0.4.

  • CVE-2026-31932 · High · Apr 2, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, inefficiency in KRB5 buffering can lead to performance degradation. This issue has been patched in versions 7.0.15 and 8.0.4.

  • CVE-2026-31931 · High · Apr 2, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Suricata is a network IDS, IPS and NSM engine. From version 8.0.0 to before version 8.0.4, use of the "tls.alpn" rule keyword can cause Suricata to crash with a NULL dereference. This issue has been patched in version 8.0.4.

  • CVE-2017-15377 · High · Oct 23, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    In Suricata before 4.x, it was possible to trigger lots of redundant checks on the content of crafted network traffic with a certain signature, because of DetectEngineContentInspection in detect-engine-content-inspection.c. The search engine doesn't stop when it should after no…

  • CVE-2015-0928 · High · Aug 28, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    libhtp 0.5.15 allows remote attackers to cause a denial of service (NULL pointer dereference).

  • CVE-2018-6794 · Medium · Feb 7, 2018
    risk 0.05 · cvss 5.3 · epss 0.30

    Suricata before 4.0.4 is prone to an HTTP detection bypass vulnerability in detect.c and stream-tcp.c. If a malicious server breaks a normal TCP flow and sends data before the 3-way handshake is complete, then the data sent by the malicious server will be accepted by web clients…

  • CVE-2026-22264 · Jan 27, 2026
    risk 0.00 · cvss - · epss 0.00

    Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 and 7.0.14, an unsigned integer overflow can lead to a heap use-after-free condition when generating excessive amounts of alerts for a single packet. Versions 8.0.3 and 7.0.14 contain a patch. As a workaround,…

  • CVE-2026-22263 · Jan 27, 2026
    risk 0.00 · cvss - · epss 0.00

    Suricata is a network IDS, IPS and NSM engine. Starting in version 8.0.0 and prior to version 8.0.3, inefficiency in http1 headers parsing can lead to slowdown over multiple packets. Version 8.0.3 patches the issue. No known workarounds are available.

  • CVE-2026-22262 · Jan 27, 2026
    risk 0.00 · cvss - · epss 0.00

    Suricata is a network IDS, IPS and NSM engine. While saving a dataset a stack buffer is used to prepare the data. Prior to versions 8.0.3 and 7.0.14, if the data in the dataset is too large, this can result in a stack overflow. Versions 8.0.3 and 7.0.14 contain a patch. As a…

  • CVE-2026-22261 · Jan 27, 2026
    risk 0.00 · cvss - · epss 0.00

    Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 and 7.0.14, various inefficiencies in xff handling, especially for alerts not triggered in a tx, can lead to severe slowdowns. Versions 8.0.3 and 7.0.14 contain a patch. As a workaround, disable XFF support…

  • CVE-2026-22260 · Jan 27, 2026
    risk 0.00 · cvss - · epss 0.00

    Suricata is a network IDS, IPS and NSM engine. Starting in version 8.0.0 and prior to version 8.0.3, Suricata can crash with a stack overflow. Version 8.0.3 patches the issue. As a workaround, use default values for `request-body-limit` and `response-body-limit`.

  • CVE-2026-22259 · Jan 27, 2026
    risk 0.00 · cvss - · epss 0.01

    Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 and 7.0.14, specially crafted traffic can cause Suricata to consume large amounts of memory while parsing DNP3 traffic. This can lead to the process slowing down and running out of memory, potentially leading…

  • CVE-2026-22258 · Jan 27, 2026
    risk 0.00 · cvss - · epss 0.00

    Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 and 7.0.14, crafted DCERPC traffic can cause Suricata to expand a buffer without limits, leading to memory exhaustion and the process getting killed. While reported for DCERPC over UDP, it is believed that DCERPC…

  • CVE-2025-64344 · Nov 26, 2025
    risk 0.00 · cvss - · epss 0.00

    Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output…

  • CVE-2025-64330 · Nov 26, 2025
    risk 0.00 · cvss - · epss 0.00

    Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, a single byte read heap overflow when logging the verdict in eve.alert and eve.drop records can lead to…

  • CVE-2025-64331 · Nov 26, 2025
    risk 0.00 · cvss - · epss 0.00

    Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, a stack overflow can occur on large HTTP file transfers if the user has increased the HTTP response body…

  • CVE-2025-64332 · Nov 26, 2025
    risk 0.00 · cvss - · epss 0.00

    Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, a stack overflow that causes Suricata to crash can occur if SWF decompression is enabled. This issue has…

  • CVE-2025-64333 · Nov 26, 2025
    risk 0.00 · cvss - · epss 0.00

    Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, a large HTTP content type, when logged, can cause a stack overflow, crashing Suricata. This issue has been…

  • CVE-2025-64335 · Nov 26, 2025
    risk 0.00 · cvss - · epss 0.00

    Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This…

  • CVE-2025-64334 · Nov 26, 2025
    risk 0.00 · cvss - · epss 0.00

    Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, compressed HTTP data can lead to unbounded memory growth during decompression. This issue has been…

  • CVE-2025-59150 · Oct 1, 2025
    risk 0.00 · cvss - · epss 0.00

    Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Version 8.0.0's usage of the tls.subjectaltname keyword can lead to a segmentation fault when the decoded subjectaltname contains a NULL byte.…

  • CVE-2025-59149 · Oct 1, 2025
    risk 0.00 · cvss - · epss 0.00

    Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In version 8.0.0, rules using keyword ldap.responses.attribute_type (which is long) with transforms can lead to a stack buffer overflow during…

  • CVE-2025-59148 · Oct 1, 2025
    risk 0.00 · cvss - · epss 0.00

    Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Versions 8.0.0 and below incorrectly handle the entropy keyword when not anchored to a "sticky" buffer, which can lead to a segmentation fault.…

  • CVE-2025-59147 · Oct 1, 2025
    risk 0.00 · cvss - · epss 0.00

    Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Versions 7.0.11 and below, as well as 8.0.0, are vulnerable to detection bypass when crafted traffic sends multiple SYN packets with different…

  • CVE-2025-34178 · Sep 9, 2025
    risk 0.00 · cvss - · epss 0.03

    In pfSense CE /suricata/suricata_app_parsers.php, the value of the policy_name parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authenticated with at least "WebCfg…

  • CVE-2025-53537 · Jul 23, 2025
    risk 0.00 · cvss - · epss 0.00

    LibHTP is a security-aware parser for the HTTP protocol and its related bits and pieces. In versions 0.5.50 and below, there is a traffic-induced memory leak that can starve the process of memory, leading to loss of visibility. To work around this issue, set `suricata.yaml…

  • CVE-2025-53538 · Jul 22, 2025
    risk 0.00 · cvss - · epss 0.00

    Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions 7.0.10 and below and 8.0.0-beta1 through 8.0.0-rc1, mishandling of data on HTTP2 stream 0 can lead to uncontrolled memory usage,…

  • CVE-2025-29918 · Apr 10, 2025
    risk 0.00 · cvss - · epss 0.00

    Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. A PCRE rule can be written that leads to an infinite loop when negated PCRE is used. The packet processing thread becomes stuck in an infinite loop, limiting visibility…

  • CVE-2025-29917 · Apr 10, 2025
    risk 0.00 · cvss - · epss 0.00

    Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. The bytes setting in the decode_base64 keyword is not properly limited. Due to this, signatures using the keyword and setting can cause large memory allocations…

  • CVE-2025-29916 · Apr 10, 2025
    risk 0.00 · cvss - · epss 0.00

    Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Datasets declared in rules have an option to specify the `hashsize` to use. This size setting isn't properly limited, so the hash table allocation can be large.…

  • CVE-2025-29915 · Apr 10, 2025
    risk 0.00 · cvss - · epss 0.00

    Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. The AF_PACKET defrag option is enabled by default and allows AF_PACKET to re-assemble fragmented packets before reaching Suricata. However the default packet…

  • CVE-2024-55629 · Jan 6, 2025
    risk 0.00 · cvss - · epss 0.01

    Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, TCP streams with TCP urgent data (out of band data) can lead to Suricata analyzing data differently than the applications at the TCP endpoints,…

  • CVE-2024-55628 · Jan 6, 2025
    risk 0.00 · cvss - · epss 0.01

    Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.8, DNS resource name compression can lead to small DNS messages containing very large hostnames which can be costly to decode, and lead to…

  • CVE-2024-55627 · Jan 6, 2025
    risk 0.00 · cvss - · epss 0.01

    Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, a specially crafted TCP stream can lead to a very large buffer overflow while being zero-filled during initialization with memset due to an…

  • CVE-2024-55626 · Jan 6, 2025
    risk 0.00 · cvss - · epss 0.00

    Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, a large BPF filter file provided to Suricata at startup can lead to a buffer overflow at Suricata startup. The issue has been addressed in…

  • CVE-2024-55605 · Jan 6, 2025
    risk 0.00 · cvss - · epss 0.01

    Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, a large input buffer to the to_lowercase, to_uppercase, strip_whitespace, compress_whitespace, dotprefix, header_lowercase, strip_pseudo_headers,…

  • CVE-2024-47522 · Oct 16, 2024
    risk 0.00 · cvss - · epss 0.01

    Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, invalid ALPN in TLS/QUIC traffic when JA4 matching/logging is enabled can lead to Suricata aborting with a panic. This issue has been…

  • CVE-2024-47188 · Oct 16, 2024
    risk 0.00 · cvss - · epss 0.00

    Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, missing initialization of the random seed for "thash" leads to byte-range tracking having predictable hash table behavior. This can lead…

  • CVE-2024-47187 · Oct 16, 2024
    risk 0.00 · cvss - · epss 0.00

    Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, missing initialization of the random seed for "thash" leads to datasets having predictable hash table behavior. This can lead to dataset…

  • CVE-2024-45797 · Oct 16, 2024
    risk 0.00 · cvss - · epss 0.01

    LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. Prior to version 0.5.49, unbounded processing of HTTP request and response headers can lead to excessive CPU time and memory utilization, possibly leading to extreme slowdowns. This issue is…

  • CVE-2024-45796 · Oct 16, 2024
    risk 0.00 · cvss - · epss 0.00

    Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, a logic error during fragment reassembly can lead to failed reassembly for valid traffic. An attacker could craft packets to trigger this…

  • CVE-2024-45795 · Oct 16, 2024
    risk 0.00 · cvss - · epss 0.01

    Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, rules using datasets with the non-functional / unimplemented "unset" option can trigger an assertion during traffic parsing, leading to…

  • CVE-2024-38536 · Jul 11, 2024
    risk 0.00 · cvss - · epss 0.01

    Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. A memory allocation failure due to `http.memcap` being reached leads to a NULL-ptr reference leading to a crash. Upgrade to 7.0.6.

  • CVE-2024-38535 · Jul 11, 2024
    risk 0.00 · cvss - · epss 0.01

    Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Suricata can run out of memory when parsing crafted HTTP/2 traffic. Upgrade to 6.0.20 or 7.0.6.

  • CVE-2024-38534 · Jul 11, 2024
    risk 0.00 · cvss - · epss 0.01

    Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Crafted modbus traffic can lead to unlimited resource accumulation within a flow. Upgrade to 7.0.6. Set a limited stream.reassembly.depth to reduce the issue.

  • CVE-2024-37151 · Jul 11, 2024
    risk 0.00 · cvss - · epss 0.01

    Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Mishandling of multiple fragmented packets using the same IP ID value can lead to packet reassembly failure, which can lead to policy bypass. Upgrade to 7.0.6…

  • CVE-2024-32867 · May 7, 2024
    risk 0.00 · cvss - · epss 0.01

    Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, various problems in handling of fragmentation anomalies can lead to mis-detection of rules and policy. This vulnerability is fixed in…

Page 1 of 2