CVE-2025-59149
- Source
- https://cve.org/CVERecord?id=CVE-2025-59149
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-59149.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-59149
- Aliases
-
- GHSA-vxcg-38x4-gj7j
- Downstream
- Related
- Published
- 2025-10-01T20:07:44.042Z
- Modified
- 2026-04-02T12:56:47.536964Z
- Severity
-
- 6.2 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- Suricata: Stack buffer overflow in rule parser when processing long keywords with transforms
- Details
-
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In version 8.0.0, rules using keyword ldap.responses.attributetype (which is long) with transforms can lead to a stack buffer overflow during Suricata startup or during a rule reload. This issue is fixed in version 8.0.1. To workaround this issue, users can disable rules with ldap.responses.attributetype and transforms.
- Database specific
{ "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-121" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/59xxx/CVE-2025-59149.json" }- References
-
- https://forum.suricata.io/t/suricata-8-0-1-and-7-0-12-released/6018
- https://redmine.openinfosecfoundation.org/issues/7861
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/59xxx/CVE-2025-59149.json
- https://github.com/OISF/suricata/security/advisories/GHSA-vxcg-38x4-gj7j
- https://nvd.nist.gov/vuln/detail/CVE-2025-59149
- https://github.com/OISF/suricata/commit/38a2cba5c397002047d84645f5ab770ff88020e1