Philippe Antoine

55 exploits Active since Apr 2020
CVE-2026-22262 WRITEUP MEDIUM WRITEUP
Suricata < 7.0.14 - Stack-based Buffer Overflow via Dataset Save
Suricata is a network IDS, IPS and NSM engine. While saving a dataset, a stack buffer is used to prepare the data. Prior to versions 8.0.3 and 7.0.14, if the data in the dataset is too large, this can result in a stack overflow. Versions 8.0.3 and 7.0.14 contain a patch. As a workaround, do not use rules with the dataset `save` or `state` options.
CVSS 5.9
CVE-2020-11939 WRITEUP CRITICAL WRITEUP
ntop nDPI < 3.2 - Remote Code Execution via SSH KEXINIT Integer Overflow
In nDPI through 3.2 Stable, the SSH protocol dissector has multiple KEXINIT integer overflows that result in a controlled remote heap overflow in concat_hash_string in ssh.c. Due to the granular nature of the overflow primitive and the ability to control both the contents and layout of the nDPI library's heap memory through remote input, this vulnerability may be abused to achieve full Remote Code Execution against any network inspection stack that is linked against nDPI and uses it to perform network traffic analysis.
CVSS 9.8
CVE-2020-11940 WRITEUP HIGH WRITEUP
nDPI < 3.2 - Out-of-bounds Read in SSH Protocol Parser
In nDPI through 3.2 Stable, an out-of-bounds read in concat_hash_string in ssh.c can be exploited by a network-positioned attacker that can send malformed SSH protocol messages on a network segment monitored by nDPI's library.
CVSS 7.5
CVE-2020-15476 WRITEUP HIGH WRITEUP
ntop nDPI < 3.2 - Heap-Based Buffer Over-Read in Oracle Protocol Dissector
In nDPI through 3.2, the Oracle protocol dissector has a heap-based buffer over-read in ndpi_search_oracle in lib/protocols/oracle.c.
CVSS 7.5
CVE-2024-23835 WRITEUP HIGH WRITEUP
Suricata 7.0.0-7.0.2 - Denial of Service via PostgreSQL Parser Memory Exhaustion
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.3, excessive memory use during pgsql parsing could lead to OOM-related crashes. This vulnerability is patched in 7.0.3. As a workaround, users can disable the pgsql app-layer parser.
CVSS 7.5
CVE-2024-23836 WRITEUP HIGH WRITEUP
Suricata < 6.0.16 and < 7.0.3 - Denial of Service via Resource Exhaustion
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to versions 6.0.16 and 7.0.3, an attacker can craft traffic to cause Suricata to use far more CPU and memory for processing the traffic than needed, which can lead to extreme slowdowns and denial of service. This vulnerability is patched in 6.0.16 and 7.0.3. Workarounds include disabling the affected protocol app-layer parser in the yaml; reducing the `stream.reassembly.depth` value also helps reduce the severity of the issue.
CVSS 7.5
CVE-2024-23837 WRITEUP HIGH WRITEUP
libhtp < 0.5.46 - Denial of Service via HTTP Header Processing
LibHTP is a security-aware parser for the HTTP protocol. Crafted traffic can cause excessive processing time of HTTP headers, leading to denial of service. This issue is addressed in 0.5.46.
CVSS 7.5
CVE-2024-23839 WRITEUP HIGH WRITEUP
Suricata 7.0.0-7.0.2 - Use-After-Free via HTTP Header Keyword
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.3, specially crafted traffic can cause a heap use after free if the ruleset uses the http.request_header or http.response_header keyword. The vulnerability has been patched in 7.0.3. To work around the vulnerability, avoid the http.request_header and http.response_header keywords.
CVSS 7.1
CVE-2024-24568 WRITEUP MEDIUM WRITEUP
Suricata 7.0.0-7.0.2 - Improper Access Control via HTTP2 Header Inspection Bypass
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.3, the rules inspecting HTTP2 headers can get bypassed by crafted traffic. The vulnerability has been patched in 7.0.3.
CVSS 5.3
CVE-2024-28871 WRITEUP HIGH WRITEUP
libhtp 0.5.46 - Denial of Service via Malformed Request Parsing
LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. Version 0.5.46 may parse malformed request traffic, leading to excessive CPU usage. Version 0.5.47 contains a patch for the issue. No known workarounds are available.
CVSS 7.5
CVE-2024-32663 WRITEUP HIGH WRITEUP
Suricata 6.0.0-6.0.18 - Denial of Service via HTTP/2 Memory Exhaustion
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, a small amount of HTTP/2 traffic can lead to Suricata using a large amount of memory. The issue has been addressed in Suricata 7.0.5 and 6.0.19. Workarounds include disabling the HTTP/2 parser and reducing the `app-layer.protocols.http2.max-table-size` value (default is 65536).
CVSS 7.5
CVE-2024-32664 WRITEUP MEDIUM WRITEUP
Suricata 6.0.0-6.0.18 - Heap-based Buffer Overflow via base64_decode with bytes Option
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, specially crafted traffic or datasets can cause a limited buffer overflow. This vulnerability is fixed in 7.0.5 and 6.0.19. Workarounds include not using rules with the `base64_decode` keyword with the `bytes` option set to 1, 2 or 5 and, for 7.0.x, setting `app-layer.protocols.smtp.mime.body-md5` to false.
CVSS 5.3
CVE-2024-38534 WRITEUP HIGH WRITEUP
Suricata < 7.0.6 - Denial of Service via Crafted Modbus Traffic
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Crafted modbus traffic can lead to unlimited resource accumulation within a flow. Upgrade to 7.0.6. Set a limited stream.reassembly.depth to reduce the issue.
CVSS 7.5
CVE-2024-38535 WRITEUP HIGH WRITEUP
Suricata <6.0.20-7.0.6 - Memory Corruption
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Suricata can run out of memory when parsing crafted HTTP/2 traffic. Upgrade to 6.0.20 or 7.0.6.
CVSS 7.5
CVE-2024-55626 WRITEUP LOW WRITEUP
Suricata < 7.0.8 - Buffer Overflow via Large BPF Filter File
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, a large BPF filter file provided to Suricata at startup can lead to a buffer overflow at Suricata startup. The issue has been addressed in Suricata 7.0.8.
CVSS 3.3
CVE-2024-55627 WRITEUP MEDIUM WRITEUP
Suricata < 7.0.8 - Integer Underflow in TCP Stream Handling
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, a specially crafted TCP stream can lead to a very large buffer overflow while being zero-filled during initialization with memset due to an unsigned integer underflow. The issue has been addressed in Suricata 7.0.8.
CVSS 5.9
CVE-2025-29916 WRITEUP MEDIUM WRITEUP
Suricata < 7.0.9 - Denial of Service via Unbounded Hash Table Allocation
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Datasets declared in rules have an option to specify the `hashsize` to use. This size setting isn't properly limited, so the hash table allocation can be large. Untrusted rules can lead to large memory allocations, potentially leading to denial of service due to resource starvation. This vulnerability is fixed in 7.0.9.
CVSS 6.2
CVE-2025-29917 WRITEUP MEDIUM WRITEUP
Suricata < 7.0.9 - Denial of Service via Base64 Decode Bytes Setting
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. The bytes setting in the decode_base64 keyword is not properly limited. Due to this, signatures using the keyword and setting can cause large memory allocations of up to 4 GiB per thread. This vulnerability is fixed in 7.0.9.
CVSS 6.2
CVE-2025-29918 WRITEUP MEDIUM WRITEUP
Suricata < 7.0.9 - Denial of Service via Negated PCRE Rule Infinite Loop
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. A PCRE rule can be written that leads to an infinite loop when negated PCRE is used. The packet processing thread becomes stuck in an infinite loop, limiting visibility and availability in inline mode. This vulnerability is fixed in 7.0.9.
CVSS 6.2
CVE-2025-53537 WRITEUP HIGH WRITEUP
LibHTP < 0.5.51 - Memory Leak via LZMA Decompression
LibHTP is a security-aware parser for the HTTP protocol and its related bits and pieces. In versions 0.5.50 and below, there is a traffic-induced memory leak that can starve the process of memory, leading to loss of visibility. To work around this issue, set `app-layer.protocols.http.libhtp.default-config.lzma-enabled` to false in `suricata.yaml`. This issue is fixed in version 0.5.51.
CVSS 7.5
CVE-2025-53538 WRITEUP HIGH WRITEUP
Suricata <7.0.10 and <8.0.0-rc1 - Memory Corruption
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions 7.0.10 and below and 8.0.0-beta1 through 8.0.0-rc1, mishandling of data on HTTP2 stream 0 can lead to uncontrolled memory usage, leading to loss of visibility. Workarounds include disabling the HTTP/2 parser, and using a signature like `drop http2 any any -> any any (frame:http2.hdr; byte_test:1,=,0,3; byte_test:4,=,0,5; sid: 1;)` where the first byte test tests the HTTP2 frame type DATA and the second tests the stream id 0. This is fixed in versions 7.0.11 and 8.0.0.
CVSS 7.5
CVE-2025-59150 WRITEUP HIGH WRITEUP
Suricata 8.0.0 - Denial of Service via TLS SubjectAltName NULL Byte Handling
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Version 8.0.0's usage of the `tls.subjectaltname` keyword can lead to a segmentation fault when the decoded subjectaltname contains a NULL byte. This issue is fixed in version 8.0.1. To work around this issue, disable rules using the `tls.subjectaltname` keyword.
CVSS 7.5
CVE-2025-64332 WRITEUP HIGH WRITEUP
Suricata < 7.0.13 - Denial of Service via SWF Decompression
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, a stack overflow that causes Suricata to crash can occur if SWF decompression is enabled. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling SWF decompression (swf-decompression in suricata.yaml), which is disabled by default; if swf-decompression must be enabled, set decompress-depth to lower than half your stack size.
CVSS 7.5
CVE-2025-64334 WRITEUP HIGH WRITEUP
Suricata 8.0.0-8.0.1 - Denial of Service via HTTP Compression Decompression
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, compressed HTTP data can lead to unbounded memory growth during decompression. This issue has been patched in version 8.0.2. A workaround involves disabling LZMA decompression or limiting response-body-limit size.
CVSS 7.5
CVE-2025-64335 WRITEUP HIGH WRITEUP
Suricata 8.0.0-8.0.2 - NULL Pointer Dereference via Entropy Keyword with base64_data
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data.
CVSS 7.5