OISF Suricata
cpe:2.3:a:openinfosecfoundation:suricata:*:*:*:*:*:*:*
- < 7.0.9
A vulnerability in Suricata's handling of PCRE (Perl Compatible Regular Expressions) rules can lead to an infinite loop, particularly when negated PCRE is used. This issue occurs in versions of Suricata prior to 7.0.9. The vulnerability arises because a negated PCRE should be evaluated only once, unlike a regular PCRE, which can be evaluated against multiple occurrences. When exploited, the packet processing thread becomes trapped in the loop, disrupting visibility and availability, especially in inline mode.
Exploitation of this vulnerability causes the packet processing thread to become stuck in an infinite loop, which limits visibility and availability in inline mode.
Users are advised to upgrade to Suricata version 7.0.9 or later.
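For sensors that cannot be upgraded right away, the following added example (not code from this advisory or from the Suricata project) checks a version banner against the 7.0.9 fix and lists the enabled rules in a ruleset that use a negated PCRE. It assumes negation is written as `pcre:!"/.../"` in the rule options; the function names, banner and rules are constructed for illustration.

```python
import re

FIXED = (7, 0, 9)  # first fixed release according to the advisory above
_VERSION_RE = re.compile(r"Suricata version (\d+)\.(\d+)\.(\d+)")
# pcre keyword with a negated value, tolerating escaped characters in the pattern
_NEG_PCRE_RE = re.compile(r'\bpcre\s*:\s*!\s*"((?:[^"\\]|\\.)*)"')
_SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")

# Constructed sample input: a banner in the form printed by `suricata -V`
SAMPLE_BANNER = "This is Suricata version 7.0.8 RELEASE"
# Constructed sample ruleset (not real signatures)
SAMPLE_RULES = r'''
alert http any any -> any any (msg:"constructed A"; content:"GET"; pcre:!"/^GET/"; sid:1000001; rev:1;)
alert http any any -> any any (msg:"constructed B"; pcre:"/admin/i"; sid:1000002; rev:1;)
# alert tcp any any -> any any (msg:"disabled"; pcre:!"/x/"; sid:1000003;)
alert tcp any any -> any any (msg:"constructed C"; \
    pcre:!"/foo/R"; sid:1000004; rev:1;)
'''


def is_affected(banner):
    """True if the version in the banner is earlier than the fixed release."""
    m = _VERSION_RE.search(banner)
    if not m:
        raise ValueError("no Suricata version found in banner")
    # Compare as integer tuples so that 7.0.10 sorts after 7.0.9
    return tuple(int(x) for x in m.groups()) < FIXED


def negated_pcre_rules(rules_text):
    """Return (sid, pattern) for each enabled rule that uses a negated pcre."""
    # Join rules that are split across lines with a trailing backslash
    joined = re.sub(r"\\\r?\n\s*", "", rules_text)
    hits = []
    for line in joined.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank line or disabled rule
        sid = _SID_RE.search(line)
        for m in _NEG_PCRE_RE.finditer(line):
            hits.append((int(sid.group(1)) if sid else None, m.group(1)))
    return hits


if __name__ == "__main__":
    if is_affected(SAMPLE_BANNER):
        for sid, pattern in negated_pcre_rules(SAMPLE_RULES):
            print(f"sid {sid}: negated pcre {pattern}")
```

The resulting list is a review aid for rulesets loaded on affected sensors; upgrading to 7.0.9 or later remains the fix.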