CVE-2025-29916

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-29916

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-29916.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-29916

Aliases

GHSA-27g3-pmvp-j9cv

Downstream

DEBIAN-CVE-2025-29916

UBUNTU-CVE-2025-29916

Published

2025-04-10T20:03:16Z

Modified

2025-10-14T14:33:30Z

Severity

6.2 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

Suricata datasets: ruleset declared settings can lead to resource starvation

Details

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Datasets declared in rules have an option to specify the hashsize to use. This size setting isn't properly limited, so the hash table allocation can be large. Untrusted rules can lead to large memory allocations, potentially leading to denial of service due to resource starvation. This vulnerability is fixed in 7.0.9.

References

Affected packages

Git /

Affected ranges

Database specific

{
    "unresolved_versions": [
        {
            "type": "",
            "events": [
                {
                    "introduced": "0"
                },
                {
                    "fixed": "7.0.9"
                }
            ]
        }
    ]
}