SB2025100348 - Multiple vulnerabilities in Suricata

Description

This security bulletin contains information about 4 secuirty vulnerabilities.

1) NULL pointer dereference (CVE-ID: CVE-2025-59150)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the "tls.subjectaltname" keyword. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.

2) Incomplete Model of Endpoint Features (CVE-ID: CVE-2025-59147)

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to incomplete model of endpoint features. A remote attacker can send multiple SYN packets with different sequence numbers and cause detection and logging bypass.

3) NULL pointer dereference (CVE-ID: CVE-2025-59148)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the entropy keyword. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.

4) Stack-based buffer overflow (CVE-ID: CVE-2025-59149)

The vulnerability allows a local attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in the ldap.responses.attribute_type keyword. A local attacker can trigger stack-based buffer overflow and cause a denial of service condition on the target system.

Remediation

Install update from vendor's website.

References

• https://github.com/OISF/suricata/security/advisories/GHSA-mhv7-qfmj-m3f3
• https://github.com/OISF/suricata/security/advisories/GHSA-v8hv-6v7x-4c2r
• https://github.com/OISF/suricata/security/advisories/GHSA-5qf6-92xg-3rr3
• https://github.com/OISF/suricata/security/advisories/GHSA-vxcg-38x4-gj7j