Nixpkgs security tracker

Login with GitHub

Suggestions search

All statuses
Filter by:
With package: suricata

Found 13 matching suggestions

View:
Compact
Detailed
Published
Permalink CVE-2026-22259
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
updated 2 months, 3 weeks ago by @LeSuisse Activity log
  • Created suggestion 2 months, 4 weeks ago
  • @LeSuisse accepted 2 months, 3 weeks ago
  • @LeSuisse published on GitHub 2 months, 3 weeks ago
Suricata dnp3: unbounded transaction growth

Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 and 7.0.14, specially crafted traffic can cause Suricata to consume large amounts of memory while parsing DNP3 traffic. This can lead to the process slowing down and running out of memory, potentially leading to it getting killed by the OOM killer. Versions 8.0.3 or 7.0.14 contain a patch. As a workaround, disable the DNP3 parser in the suricata yaml (disabled by default).

Affected products

suricata
  • ==< 7.0.14
  • ==>= 8.0.0, < 8.0.3

Matching in nixpkgs

pkgs.suricata

Free and open source, mature, fast and robust network threat detection engine

Package maintainers

Upstream advisory: https://github.com/OISF/suricata/security/advisories/GHSA-878h-2x6v-84q9
Dismissed
Permalink CVE-2026-22263
5.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): LOW
updated 2 months, 3 weeks ago by @LeSuisse Activity log
  • Created suggestion 3 months ago
  • @LeSuisse dismissed 2 months, 3 weeks ago
Suricata http1: quadratic complexity in headers parsing over multiple packets

Suricata is a network IDS, IPS and NSM engine. Starting in version 8.0.0 and prior to version 8.0.3, inefficiency in http1 headers parsing can lead to slowdown over multiple packets. Version 8.0.3 patches the issue. No known workarounds are available.

Affected products

suricata
  • ==>= 8.0.0, < 8.0.3

Matching in nixpkgs

pkgs.suricata

Free and open source, mature, fast and robust network threat detection engine

Package maintainers

Supported branches are <= 8.0
Dismissed
Permalink CVE-2026-22260
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
updated 2 months, 3 weeks ago by @LeSuisse Activity log
  • Created suggestion 2 months, 4 weeks ago
  • @LeSuisse accepted 2 months, 3 weeks ago
  • @LeSuisse dismissed 2 months, 3 weeks ago
Suricata http1: infinite recursion in decompression

Suricata is a network IDS, IPS and NSM engine. Starting in version 8.0.0 and prior to version 8.0.3, Suricata can crash with a stack overflow. Version 8.0.3 patches the issue. As a workaround, use default values for `request-body-limit` and `response-body-limit`.

Affected products

suricata
  • ==>= 8.0.0, < 8.0.3

Matching in nixpkgs

pkgs.suricata

Free and open source, mature, fast and robust network threat detection engine

Package maintainers

Supported branches are <= 8.0