OISF — Vulnerabilities & Security Advisories 55

Browse all 55 CVE security advisories affecting OISF. AI-powered Chinese analysis, POCs, and references for each vulnerability.

The Open Information Security Foundation (OISF) develops and maintains Suricata, an open-source network intrusion detection and prevention system widely deployed for real-time traffic analysis. With fifty-five recorded Common Vulnerabilities and Exposures, the organization’s software has historically been susceptible to remote code execution, buffer overflow, and denial-of-service flaws, often stemming from complex packet parsing logic. These vulnerabilities occasionally allow attackers to crash the service or execute arbitrary commands on affected hosts. While no catastrophic data breaches directly attributed to OISF have been publicly documented, the high volume of CVEs highlights the inherent risks in maintaining large-scale, C-based security infrastructure. The foundation addresses these issues through regular updates and community-driven patching, emphasizing transparency in its security response process.

Top products by OISF: suricata, libhtp

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-31937 | Suricata dcerpc: quadratic complexity in dcerpc buffering | suricata | CWE-407 | 7.5 | High | 2026-04-02 |
| CVE-2026-31935 | Suricata http2: unbounded resource consumption | suricata | CWE-400 | 7.5 | High | 2026-04-02 |
| CVE-2026-31934 | Suricata smtp/mine: quadratic complexity in extracting urls | suricata | CWE-407 | 7.5 | High | 2026-04-02 |
| CVE-2026-31933 | Suricata stream: quadratic complexity in stream inspection | suricata | CWE-407 | 7.5 | High | 2026-04-02 |
| CVE-2026-31932 | Suricata krb5: quadratic complexity in krb5 buffering | suricata | CWE-407 | 7.5 | High | 2026-04-02 |
| CVE-2026-31931 | Suricata tls: null dereference in tls.alpn rule keyword | suricata | CWE-476 | 7.5 | High | 2026-04-02 |
| CVE-2026-22264 | Suricata detect/alert: heap-use-after-free on alert queue expansion | suricata | CWE-416 | 7.4 | High | 2026-01-27 |
| CVE-2026-22263 | Suricata http1: quadratic complexity in headers parsing over multiple packets | suricata | CWE-1050 | 5.3 | Medium | 2026-01-27 |
| CVE-2026-22262 | Suricata datasets: stack overflow when saving a set | suricata | CWE-121 | 5.9 | Medium | 2026-01-27 |
| CVE-2026-22261 | Suricata eve/alert: http1 xff handling can lead to denial of service | suricata | CWE-1050 | 3.7 | Low | 2026-01-27 |
| CVE-2026-22260 | Suricata http1: infinite recursion in decompression | suricata | CWE-674 | 7.5 | High | 2026-01-27 |
| CVE-2026-22259 | Suricata dnp3: unbounded transaction growth | suricata | CWE-400 | 7.5 | High | 2026-01-27 |
| CVE-2026-22258 | Suricata DCERPC: unbounded fragment buffering leads to memory exhaustion | suricata | CWE-400 | 7.5 | High | 2026-01-27 |
| CVE-2025-64344 | Suricata is vulnerable to a stack overflow from unbounded stack allocation in LuaPushStringBuffer | suricata | CWE-121 | 7.5 | High | 2025-11-26 |
| CVE-2025-64330 | Suricata is vulnerable to a heap buffer overflow on verdict | suricata | CWE-122 | 7.5 | High | 2025-11-26 |
| CVE-2025-64331 | Suricata is vulnerable to a stack overflow on large file transfers with http-body-printable | suricata | CWE-121 | 7.5 | High | 2025-11-26 |
| CVE-2025-64332 | Suricata is vulnerable to a stack overflow on larger compressed data | suricata | CWE-121 | 7.5 | High | 2025-11-26 |
| CVE-2025-64333 | Suricata is vulnerable to a stack overflow from big content-type | suricata | CWE-121 | 7.5 | High | 2025-11-26 |
| CVE-2025-64335 | Suricata is vulnerable to a null deref when used with base64_data | suricata | CWE-476 | 7.5 | High | 2025-11-26 |
| CVE-2025-64334 | Suricata is vulnerable to unbounded memory growth for decompression | suricata | CWE-770 | 7.5 | High | 2025-11-26 |
| CVE-2025-59150 | Suricata: Keyword tls.subjectaltname can lead to NULL-ptr deref | suricata | CWE-476 | 7.5 | High | 2025-10-01 |
| CVE-2025-59149 | Suricata: Stack buffer overflow in rule parser when processing long keywords with transforms | suricata | CWE-121 | 6.2 | Medium | 2025-10-01 |
| CVE-2025-59148 | Suricata's improper use of entropy keyword can lead to a NULL-ptr deref | suricata | CWE-476 | 7.5 | High | 2025-10-01 |
| CVE-2025-59147 | Suricata is Vulnerable to Detection Bypass via Crafted Multiple SYN Packets | suricata | CWE-358 | 7.5 | High | 2025-10-01 |
| CVE-2025-53537 | LibHTP's memory leak with lzma can lead to resource starvation | libhtp | CWE-401 | 7.5 | High | 2025-07-23 |
| CVE-2025-53538 | Suricata's mishandling of data on HTTP2 stream 0 can lead to resource starvation | suricata | CWE-770 | 7.5 | High | 2025-07-22 |
| CVE-2025-29918 | Suricata pcre: negated pcr can cause infinite loop | suricata | CWE-835 | 6.2 | Medium | 2025-04-10 |
| CVE-2025-29917 | Suricata decode_base64: signature can do large memory allocation | suricata | CWE-770 | 6.2 | Medium | 2025-04-10 |
| CVE-2025-29916 | Suricata datasets: ruleset declared settings can lead to resource starvation | suricata | CWE-770 | 6.2 | Medium | 2025-04-10 |
| CVE-2025-29915 | Suricata af-packet: defrag option can lead to truncated packets affecting visibility | suricata | CWE-347 | 7.5 | High | 2025-04-10 |

This page lists every published CVE security advisory associated with OISF. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.