oisf suricata Vulnerabilities: CVEs, CISA KEV & Security Advisories

Severity and exploitation

How the CVSS severity of oisf suricata's CVEs breaks down, plus how many are exploited in the wild or have public exploit code.

Critical0

High38

Medium12

Low2

28 additional CVEs have no CVSS severity score.

In CISA’s Known Exploited Vulnerabilities catalog

None of oisf suricata's CVEs are currently listed in CISA's KEV catalog.

Public exploits

3 of oisf suricata's CVEs have a known public exploit available.

Affected versions and CVEs

Browse every oisf suricata version named in a CVE, then pick one to see only the CVEs that affect it.

Specific versions

suricata-0.8.249 CVEs
suricata-1.0.049 CVEs
suricata-1.0.149 CVEs
suricata-1.0.248 CVEs
suricata-1.148 CVEs
suricata-1.1beta148 CVEs
suricata-1.1beta248 CVEs
suricata-1.1beta348 CVEs
suricata-1.1rc148 CVEs
suricata-1.248 CVEs
suricata-1.2.148 CVEs
suricata-1.2beta148 CVEs
suricata-1.2rc148 CVEs
suricata-1.348 CVEs
suricata-1.3.148 CVEs
suricata-1.3beta148 CVEs
suricata-1.3beta248 CVEs
suricata-1.3rc148 CVEs
suricata-1.448 CVEs
suricata-1.4beta148 CVEs
suricata-1.4beta248 CVEs
suricata-1.4beta348 CVEs
suricata-1.4rc148 CVEs
suricata-2.048 CVEs
suricata-2.0.148 CVEs
suricata-2.0.1rc148 CVEs
suricata-2.0.248 CVEs
suricata-2.0beta148 CVEs
suricata-2.0beta248 CVEs
suricata-2.0rc148 CVEs
suricata-2.0rc248 CVEs
suricata-2.0rc348 CVEs
suricata-2.1beta148 CVEs
suricata-2.1beta248 CVEs
suricata-2.1beta348 CVEs
suricata-2.1beta448 CVEs
suricata-3.048 CVEs
suricata-3.0.148 CVEs
suricata-3.0.1RC148 CVEs
suricata-3.0RC148 CVEs
suricata-3.0RC248 CVEs
suricata-3.0RC348 CVEs
suricata-3.148 CVEs
suricata-3.1.148 CVEs
suricata-3.1RC148 CVEs
suricata-3.1.247 CVEs
suricata-3.247 CVEs
suricata-3.2beta147 CVEs
suricata-3.2RC147 CVEs
suricata-4.0.047 CVEs
suricata-4.0.147 CVEs
suricata-3.2.146 CVEs
suricata-4.0.0-beta145 CVEs
suricata-4.0.0-rc145 CVEs
suricata-4.0.0-rc245 CVEs
suricata-4.1.044 CVEs
suricata-4.1.0-beta144 CVEs
suricata-4.1.144 CVEs
suricata-4.1.244 CVEs
suricata-4.1.0-rc143 CVEs
suricata-4.1.0-rc243 CVEs
suricata-6.0.038 CVEs
suricata-6.0.138 CVEs
suricata-7.0.036 CVEs
suricata-7.0.136 CVEs
suricata-7.0.236 CVEs
suricata-5.0.033 CVEs
suricata-5.0.0-beta133 CVEs
suricata-5.0.0-rc133 CVEs
suricata-5.0.132 CVEs
suricata-6.0.0-beta132 CVEs
suricata-6.0.0-rc132 CVEs
suricata-7.0.329 CVEs
suricata-7.0.428 CVEs
suricata-7.0.0-beta126 CVEs
suricata-7.0.0-rc126 CVEs
suricata-7.0.0-rc226 CVEs
suricata-7.0.525 CVEs
suricata-8.0.022 CVEs
suricata-7.0.621 CVEs
suricata-7.0.716 CVEs
suricata-8.0.116 CVEs
suricata-6.0.214 CVEs
suricata-6.0.313 CVEs
suricata-4.1.312 CVEs
suricata-6.0.1011 CVEs
suricata-6.0.1111 CVEs
suricata-6.0.1211 CVEs
suricata-6.0.411 CVEs
suricata-6.0.511 CVEs
suricata-6.0.611 CVEs
suricata-6.0.711 CVEs
suricata-6.0.811 CVEs
suricata-6.0.911 CVEs
suricata-7.0.811 CVEs
suricata-6.0.139 CVEs
suricata-6.0.149 CVEs
suricata-6.0.159 CVEs
suricata-8.0.29 CVEs
suricata-6.0.168 CVEs
suricata-4.0.27 CVEs
suricata-6.0.177 CVEs
suricata-6.0.187 CVEs
suricata-7.0.107 CVEs
suricata-7.0.97 CVEs
suricata-4.0.36 CVEs
suricata-4.0.46 CVEs
suricata-4.1.46 CVEs
suricata-7.0.116 CVEs
suricata-8.0.0-beta16 CVEs
suricata-8.0.0-rc16 CVEs
< 7.0.135 CVEs
< 7.0.145 CVEs
< 8.0.25 CVEs
>= 8.0.0, < 8.0.35 CVEs
suricata-7.0.125 CVEs
suricata-7.0.135 CVEs
suricata-6.0.194 CVEs
< 7.0.153 CVEs
>= 6.0.0, <= 6.0.183 CVEs
>= 7.0.0, <= 7.0.43 CVEs
>= 8.0.0, < 8.0.43 CVEs
suricata-3.2.23 CVEs
suricata-3.2.33 CVEs
suricata-3.2.43 CVEs
suricata-4.0.53 CVEs
suricata-1.0.32 CVEs
suricata-1.0.42 CVEs
suricata-1.0.52 CVEs
suricata-1.1.12 CVEs
suricata-1.3.22 CVEs
suricata-1.3.32 CVEs
suricata-1.3.42 CVEs
suricata-1.3.52 CVEs
suricata-1.3.62 CVEs
suricata-1.4.12 CVEs
suricata-1.4.22 CVEs
suricata-1.4.32 CVEs
suricata-1.4.42 CVEs
suricata-1.4.52 CVEs
suricata-1.4.62 CVEs
suricata-1.4.72 CVEs
suricata-2.0.102 CVEs
suricata-2.0.112 CVEs
suricata-2.0.32 CVEs
suricata-2.0.42 CVEs
suricata-2.0.52 CVEs
suricata-2.0.62 CVEs
suricata-2.0.72 CVEs
suricata-2.0.82 CVEs
suricata-2.0.92 CVEs
suricata-3.0.22 CVEs
suricata-3.1.32 CVEs
suricata-3.1.42 CVEs
suricata-3.2.52 CVEs
suricata-4.0.62 CVEs
suricata-4.0.72 CVEs
suricata-4.1.102 CVEs
suricata-4.1.52 CVEs
suricata-4.1.62 CVEs
suricata-4.1.72 CVEs
suricata-4.1.82 CVEs
suricata-4.1.92 CVEs
suricata-5.0.102 CVEs
suricata-5.0.22 CVEs
suricata-5.0.32 CVEs
suricata-5.0.42 CVEs
suricata-5.0.52 CVEs
suricata-5.0.62 CVEs
suricata-5.0.72 CVEs
suricata-5.0.82 CVEs
suricata-5.0.92 CVEs
suricata-6.0.202 CVEs
suricata-8.0.32 CVEs
suricata-8.0.42 CVEs
< 7.0.121 CVE
< 6.0.161 CVE
< 6.0.201 CVE
< 7.0.111 CVE
<= 6.0.161 CVE
>= 6.0.0, < 6.0.201 CVE
>= 7.0.0, < 7.0.31 CVE
>= 7.0.0, < 7.0.61 CVE
>= 7.0.0, <= 7.0.31 CVE
>= 7.0.0,< 7.0.61 CVE
>= 8.0.0-beta1, < 8.0.01 CVE
>= 8.0.0, < 8.0.11 CVE
RELENG_2_1_01 CVE
RELENG_2_1_11 CVE
RELENG_2_1_21 CVE
RELENG_2_1_31 CVE
RELENG_2_1_51 CVE
Root_RELENG_1_21 CVE

Fixed in

3bd9f773bdc65d7bede2f0576790a68fb68b74767 CVEs
79db7b1ad444c76530c6eac8702c5e01b7c24a567 CVEs
8.0.27 CVEs
8.0.37 CVEs
163bd652dfa92959e918a952429b939fa81f7b885 CVEs
572a16fb5a28a582c6e219d946485d9778b640145 CVEs
7.0.135 CVEs
7.0.145 CVEs
7.0.75 CVEs
7.0.85 CVEs
8.0.45 CVEs
97e69ffb1bc2b7358115ee59f460a924893664e85 CVEs

Find a version

80 CVEs

Sort

Suricata dcerpc: quadratic complexity in dcerpc buffering
CVE-2026-31937
Patch
CWE-407
High · CVSS 7.5
EPSS 0.0% (5th pct)2026-04-02
Suricata http2: unbounded resource consumption
CVE-2026-31935
Patch
CWE-400
High · CVSS 7.5
EPSS 0.1% (18th pct)2026-04-02
Suricata smtp/mine: quadratic complexity in extracting urls
CVE-2026-31934
Patch
CWE-407
High · CVSS 7.5
EPSS 0.1% (18th pct)2026-04-02
Suricata stream: quadratic complexity in stream inspection
CVE-2026-31933
Patch
CWE-407
High · CVSS 7.5
EPSS 0.0% (5th pct)2026-04-02
Suricata krb5: quadratic complexity in krb5 buffering
CVE-2026-31932
Patch
CWE-407
High · CVSS 7.5
EPSS 0.1% (18th pct)2026-04-02
Suricata tls: null dereference in tls.alpn rule keyword
CVE-2026-31931
Patch
CWE-476
High · CVSS 7.5
EPSS 0.0% (6th pct)2026-04-02
Suricata detect/alert: heap-use-after-free on alert queue expansion
CVE-2026-22264
Patch
CWE-416
High · CVSS 7.4
EPSS 0.1% (30th pct)2026-01-27
Suricata http1: quadratic complexity in headers parsing over multiple packets
CVE-2026-22263
Patch
CWE-1050
Medium · CVSS 5.3
EPSS 0.0% (7th pct)2026-01-27
Suricata datasets: stack overflow when saving a set
CVE-2026-22262
Patch
CWE-121
Medium · CVSS 5.9
EPSS 0.1% (30th pct)2026-01-27
Suricata eve/alert: http1 xff handling can lead to denial of service
CVE-2026-22261
Patch
CWE-1050
Low · CVSS 3.7
EPSS 0.1% (27th pct)2026-01-27
Suricata http1: infinite recursion in decompression
CVE-2026-22260
Patch
CWE-674
High · CVSS 7.5
EPSS 0.0% (7th pct)2026-01-27
Suricata dnp3: unbounded transaction growth
CVE-2026-22259
Patch
CWE-400
High · CVSS 7.5
EPSS 0.1% (30th pct)2026-01-27
Suricata DCERPC: unbounded fragment buffering leads to memory exhaustion
CVE-2026-22258
Patch
CWE-400
High · CVSS 7.5
EPSS 0.1% (25th pct)2026-01-27
Suricata is vulnerable to a stack overflow from unbounded stack allocation in LuaPushStringBuffer
CVE-2025-64344
Patch
CWE-121
High · CVSS 7.5
EPSS 0.1% (22th pct)2025-11-26
Suricata is vulnerable to a heap buffer overflow on verdict
CVE-2025-64330
Patch
CWE-122
High · CVSS 7.5
EPSS 0.1% (23th pct)2025-11-26
Suricata is vulnerable to a stack overflow on large file transfers with http-body-printable
CVE-2025-64331
Patch
CWE-121
High · CVSS 7.5
EPSS 0.1% (22th pct)2025-11-26
Suricata is vulnerable to a stack overflow on larger compressed data
CVE-2025-64332
Patch
CWE-121
High · CVSS 7.5
EPSS 0.1% (23th pct)2025-11-26
Suricata is vulnerable to a stack overflow from big content-type
CVE-2025-64333
Patch
CWE-121
High · CVSS 7.5
EPSS 0.1% (23th pct)2025-11-26
Suricata is vulnerable to a null deref when used with base64_data
CVE-2025-64335
Patch
CWE-476
High · CVSS 7.5
EPSS 0.1% (26th pct)2025-11-26
Suricata is vulnerable to unbounded memory growth for decompression
CVE-2025-64334
Patch
CWE-770
High · CVSS 7.5
EPSS 0.1% (18th pct)2025-11-26
Suricata: Keyword tls.subjectaltname can lead to NULL-ptr deref
CVE-2025-59150
Patch
CWE-476
High · CVSS 7.5
EPSS 0.2% (38th pct)2025-10-01
Suricata: Stack buffer overflow in rule parser when processing long keywords with transforms
CVE-2025-59149
Patch
CWE-121
Medium · CVSS 6.2
EPSS 0.0% (7th pct)2025-10-01
Suricata's improper use of entropy keyword can lead to a NULL-ptr deref
CVE-2025-59148
Patch
CWE-476
High · CVSS 7.5
EPSS 0.1% (26th pct)2025-10-01
Suricata is Vulnerable to Detection Bypass via Crafted Multiple SYN Packets
CVE-2025-59147
Patch
CWE-358
High · CVSS 7.5
EPSS 0.1% (16th pct)2025-10-01
Suricata's mishandling of data on HTTP2 stream 0 can lead to resource starvation
CVE-2025-53538
Patch
CWE-770
High · CVSS 7.5
EPSS 0.4% (62th pct)2025-07-22
Suricata pcre: negated pcr can cause infinite loop
CVE-2025-29918
Patch
CWE-835
Medium · CVSS 6.2
EPSS 0.1% (20th pct)2025-04-10
Suricata decode_base64: signature can do large memory allocation
CVE-2025-29917
Patch
CWE-770
Medium · CVSS 6.2
EPSS 0.1% (16th pct)2025-04-10
Suricata datasets: ruleset declared settings can lead to resource starvation
CVE-2025-29916
Patch
CWE-770
Medium · CVSS 6.2
EPSS 0.1% (16th pct)2025-04-10
Suricata af-packet: defrag option can lead to truncated packets affecting visibility
CVE-2025-29915
Patch
CWE-347
High · CVSS 7.5
EPSS 0.1% (27th pct)2025-04-10
High vulnerability · 2025-01-06
CVE-2024-55629
Patch
CWE-437
High · CVSS 7.5
EPSS 0.5% (67th pct)2025-01-06

Showing 30 of 80

Severity and exploitation

oisf suricata Vulnerabilities

Overview

Severity and exploitation

Affected versions and CVEs

Specific versions

Fixed in

Common weakness types

Disclosure activity by year

Other oisf products

Frequently asked questions

How many CVEs does oisf suricata have?

How many oisf suricata CVEs are in CISA KEV?

Are there public exploits for oisf suricata vulnerabilities?

Which versions of oisf suricata are affected?

What are the most common weakness types in oisf suricata CVEs?

What is the average severity of oisf suricata CVEs?

References

Track oisf suricata vulnerabilities