Suricata Hash Size Vulnerability Leading to Denial-of-Service

Vulnerability

A denial-of-service vulnerability has been identified in Suricata versions prior to 7.0.9. The issue arises from the improper limitation of hash size settings in datasets declared by rules. This flaw can be exploited by untrusted rules, leading to excessive memory allocations and resource starvation.

Impact

Exploitation of this vulnerability can cause significant memory consumption, potentially leading to resource exhaustion and denial-of-service conditions.

Remediation

Users are advised to upgrade to Suricata version 7.0.9 or later.
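
The following is an added example, not part of the original advisory and not Suricata's own code: a pre-deployment check that scans rules from untrusted sources for dataset/datarep keywords whose hashsize option exceeds a locally chosen ceiling. The ceiling MAX_HASHSIZE, the kb/mb/gb suffix handling and the sample rules are assumptions constructed for illustration.

```python
import re

# Assumed local policy ceiling for one dataset's hash table; not a value from the advisory.
MAX_HASHSIZE = 65536
_UNITS = {"": 1, "kb": 1024, "mb": 1024**2, "gb": 1024**3}
# Body of a dataset/datarep keyword, up to the terminating ';'.
_KEYWORD = re.compile(r"\b(dataset|datarep)\s*:\s*([^;]*);", re.IGNORECASE)
_SID = re.compile(r"\bsid\s*:\s*(\d+)\s*;")
_SIZE = re.compile(r"^(\d+)\s*(kb|mb|gb)?$", re.IGNORECASE)

def parse_size(text):
    """Return the size as an int, or None when the value is not a plain size."""
    m = _SIZE.match(text.strip())
    if not m:
        return None
    return int(m.group(1)) * _UNITS[(m.group(2) or "").lower()]

def audit_rules(rules_text, max_hashsize=MAX_HASHSIZE):
    """Return (line, sid, hashsize) for each hashsize over the limit or unparsable."""
    findings = []
    for lineno, line in enumerate(rules_text.splitlines(), 1):
        rule = line.strip()
        if not rule or rule.startswith("#"):
            continue  # blank line or commented-out rule
        sid = _SID.search(rule)
        for kw in _KEYWORD.finditer(rule):
            for opt in kw.group(2).split(","):
                parts = opt.split(None, 1)  # "hashsize 4096" -> ["hashsize", "4096"]
                if len(parts) != 2 or parts[0].lower() != "hashsize":
                    continue
                size = parse_size(parts[1])
                if size is None or size > max_hashsize:
                    findings.append((lineno, int(sid.group(1)) if sid else None, size))
    return findings

# Constructed sample rules for demonstration only.
SAMPLE_RULES = """\
alert http any any -> any any (msg:"ua seen"; http.user_agent; dataset:set,ua-seen,type string,hashsize 4096; sid:1000001; rev:1;)
alert dns any any -> any any (msg:"dns seen"; dns.query; dataset:set,dns-seen,type string,memcap 10mb,hashsize 268435456; sid:1000002; rev:1;)
# alert dns any any -> any any (msg:"disabled"; dns.query; dataset:set,x,type string,hashsize 999999999; sid:1000003;)
alert dns any any -> any any (msg:"bad size"; dns.query; dataset:isset,dns-bad,type string,hashsize lots; sid:1000004; rev:1;)
"""

if __name__ == "__main__":
    for lineno, sid, size in audit_rules(SAMPLE_RULES):
        print(f"line {lineno} sid {sid}: hashsize {size} is over {MAX_HASHSIZE} or not a valid size")
```

A finding with a hashsize of None means the value could not be parsed and the rule should be reviewed by hand before it is loaded.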

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 2.4
impact: 2.5
exploitability: 5.3
remediation: 7.7
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.