suricata — Vulnerabilities & Security Advisories (53)

All 53 CVE vulnerabilities found in suricata, with AI-generated Chinese analysis, references, and POCs.

This page serves as a centralized aggregation hub for known vulnerabilities affecting the Suricata intrusion detection and prevention system, categorizing security weaknesses by their specific types and associated tags. It compiles a comprehensive dataset of flaw reports spanning from the initial public disclosure of early security issues up to the most recently published alerts, ensuring that users have access to a historical and current view of the threat landscape. By utilizing this resource, analysts and administrators can efficiently track vendor advisories related to Suricata to stay informed about critical patches and configuration changes. Users can also gain a deeper understanding of specific weakness classes, such as buffer overflows or logic errors, by examining how they manifest within this particular network security appliance. Furthermore, the page enables detailed investigation into a product’s vulnerability history, allowing teams to assess long-term security trends and prioritize remediation efforts based on risk severity and exploitability. This structured approach supports proactive security management by providing clear visibility into past incidents and ongoing threats, helping organizations maintain the integrity and resilience of their network monitoring infrastructure against evolving cyber risks.

Vendor: Open Information Security Foundation

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-31937 | Suricata dcerpc: quadratic complexity in dcerpc buffering | CWE-407 | 7.5 | High | 2026-04-02 |
| CVE-2026-31935 | Suricata http2: unbounded resource consumption | CWE-400 | 7.5 | High | 2026-04-02 |
| CVE-2026-31934 | Suricata smtp/mine: quadratic complexity in extracting urls | CWE-407 | 7.5 | High | 2026-04-02 |
| CVE-2026-31933 | Suricata stream: quadratic complexity in stream inspection | CWE-407 | 7.5 | High | 2026-04-02 |
| CVE-2026-31932 | Suricata krb5: quadratic complexity in krb5 buffering | CWE-407 | 7.5 | High | 2026-04-02 |
| CVE-2026-31931 | Suricata tls: null dereference in tls.alpn rule keyword | CWE-476 | 7.5 | High | 2026-04-02 |
| CVE-2026-22264 | Suricata detect/alert: heap-use-after-free on alert queue expansion | CWE-416 | 7.4 | High | 2026-01-27 |
| CVE-2026-22263 | Suricata http1: quadratic complexity in headers parsing over multiple packets | CWE-1050 | 5.3 | Medium | 2026-01-27 |
| CVE-2026-22262 | Suricata datasets: stack overflow when saving a set | CWE-121 | 5.9 | Medium | 2026-01-27 |
| CVE-2026-22261 | Suricata eve/alert: http1 xff handling can lead to denial of service | CWE-1050 | 3.7 | Low | 2026-01-27 |
| CVE-2026-22260 | Suricata http1: infinite recursion in decompression | CWE-674 | 7.5 | High | 2026-01-27 |
| CVE-2026-22259 | Suricata dnp3: unbounded transaction growth | CWE-400 | 7.5 | High | 2026-01-27 |
| CVE-2026-22258 | Suricata DCERPC: unbounded fragment buffering leads to memory exhaustion | CWE-400 | 7.5 | High | 2026-01-27 |
| CVE-2025-64344 | Suricata is vulnerable to a stack overflow from unbounded stack allocation in LuaPushStringBuffer | CWE-121 | 7.5 | High | 2025-11-26 |
| CVE-2025-64330 | Suricata is vulnerable to a heap buffer overflow on verdict | CWE-122 | 7.5 | High | 2025-11-26 |
| CVE-2025-64331 | Suricata is vulnerable to a stack overflow on large file transfers with http-body-printable | CWE-121 | 7.5 | High | 2025-11-26 |
| CVE-2025-64332 | Suricata is vulnerable to a stack overflow on larger compressed data | CWE-121 | 7.5 | High | 2025-11-26 |
| CVE-2025-64333 | Suricata is vulnerable to a stack overflow from big content-type | CWE-121 | 7.5 | High | 2025-11-26 |
| CVE-2025-64335 | Suricata is vulnerable to a null deref when used with base64_data | CWE-476 | 7.5 | High | 2025-11-26 |
| CVE-2025-64334 | Suricata is vulnerable to unbounded memory growth for decompression | CWE-770 | 7.5 | High | 2025-11-26 |
| CVE-2025-59150 | Suricata: Keyword tls.subjectaltname can lead to NULL-ptr deref | CWE-476 | 7.5 | High | 2025-10-01 |
| CVE-2025-59149 | Suricata: Stack buffer overflow in rule parser when processing long keywords with transforms | CWE-121 | 6.2 | Medium | 2025-10-01 |
| CVE-2025-59148 | Suricata's improper use of entropy keyword can lead to a NULL-ptr deref | CWE-476 | 7.5 | High | 2025-10-01 |
| CVE-2025-59147 | Suricata is Vulnerable to Detection Bypass via Crafted Multiple SYN Packets | CWE-358 | 7.5 | High | 2025-10-01 |
| CVE-2025-53538 | Suricata's mishandling of data on HTTP2 stream 0 can lead to resource starvation | CWE-770 | 7.5 | High | 2025-07-22 |
| CVE-2025-29918 | Suricata pcre: negated pcr can cause infinite loop | CWE-835 | 6.2 | Medium | 2025-04-10 |
| CVE-2025-29917 | Suricata decode_base64: signature can do large memory allocation | CWE-770 | 6.2 | Medium | 2025-04-10 |
| CVE-2025-29916 | Suricata datasets: ruleset declared settings can lead to resource starvation | CWE-770 | 6.2 | Medium | 2025-04-10 |
| CVE-2025-29915 | Suricata af-packet: defrag option can lead to truncated packets affecting visibility | CWE-347 | 7.5 | High | 2025-04-10 |
| CVE-2024-55629 | Suricata generic detection bypass using TCP urgent support | CWE-437 | 7.5 | High | 2025-01-06 |
