CVE-2025-29918

MEDIUM

Suricata <7.0.9 - Use After Free

Title source: llm

Description

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. A PCRE rule can be written that leads to an infinite loop when negated PCRE is used. Packet processing thread becomes stuck in infinite loop limiting visibility and availability in inline mode. This vulnerability is fixed in 7.0.9.

References (4)

[Mailing List] https://lists.debian.org/debian-lts-announce/2025/03/msg00029.html

[Vendor Advisory] https://github.com/OISF/suricata/security/advisories/GHSA-924c-vvm5-9mqx

[Patch] https://github.com/OISF/suricata/commit/b14c67cbdf25fa6c7ffe0d04ddf3ebe67b12b50b

View Patch ZIP pw:eip

[Permissions Required] https://redmine.openinfosecfoundation.org/issues/7526

Scores

CVSS v3 6.2

EPSS 0.0009

EPSS Percentile 26.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-835

Status published

Products (1)

oisf/suricata < 7.0.9

Published Apr 10, 2025

Tracked Since Feb 18, 2026