Suricata Heap Overflow Vulnerability in Alert Logging Prior to 7.0.13 and 8.0.2

Vulnerability

A heap buffer overflow vulnerability has been identified in Suricata, a network IDS, IPS, and NSM engine, prior to versions 7.0.13 and 8.0.2. This vulnerability occurs when logging verdicts in 'eve.alert' and 'eve.drop' records, leading to crashes. Exploitation requires the per-packet alert queue to be filled with alerts, followed by a 'pass' rule.

Impact

Exploitation of this vulnerability causes a heap buffer overflow, leading to crashes.

Remediation

Users can upgrade to Suricata versions 7.0.13 or 8.0.2 to address this vulnerability. The 'verdict' option, which is disabled by default, can be turned off if it has been enabled. Additionally, increasing the alert queue size in the 'suricata.yaml' configuration file can reduce the likelihood of this issue occurring.
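The remediation steps above can be checked on a sensor with a short script. This is an added example, not code from the Suricata project or from this advisory; it assumes the version banner comes from `suricata -V`, that the configuration text comes from `suricata --dump-config` in `key = value` form, and that the relevant keys are `verdict` under the eve-log `alert` and `drop` types and the top-level `packet-alert-max`. The sample dump is constructed.

```python
import re

# Fixed releases named in the advisory, keyed by major version.
FIXED = {7: (7, 0, 13), 8: (8, 0, 2)}

# Constructed sample in the assumed `suricata --dump-config` format.
SAMPLE_DUMP = """\
packet-alert-max = 15
outputs.1.eve-log.enabled = yes
outputs.1.eve-log.types.0.alert.verdict = yes
outputs.1.eve-log.types.1.drop.alerts = yes
outputs.1.eve-log.types.1.drop.verdict = no
"""

def parse_version(text):
    """Extract (major, minor, patch) from a banner such as `suricata -V` prints."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError("no version found in %r" % text)
    return tuple(int(x) for x in m.groups())

def is_patched(version):
    # Assumption: majors below 7 count as unpatched and majors above 8 as
    # patched, because the advisory only names 7.0.13 and 8.0.2 as fixed.
    major = version[0]
    if major not in FIXED:
        return major > max(FIXED)
    return version >= FIXED[major]

def audit(version_text, dump_config_text):
    """Report patch level, enabled verdict logging and alert queue size."""
    settings = {}
    for line in dump_config_text.splitlines():
        key, sep, value = line.partition(" = ")
        if sep:
            settings[key.strip()] = value.strip()
    verdict_on = sorted(k for k, v in settings.items()
                        if re.search(r"\.(alert|drop)\.verdict$", k)
                        and v.lower() in ("yes", "true", "on", "1"))
    queue = settings.get("packet-alert-max")  # None: not set in the dump
    patched = is_patched(parse_version(version_text))
    return {"patched": patched,
            "verdict_enabled": verdict_on,
            "packet_alert_max": int(queue) if queue else None,
            "exposed": not patched and bool(verdict_on)}

if __name__ == "__main__":
    print(audit("This is Suricata version 7.0.12 RELEASE", SAMPLE_DUMP))
```

A sensor is reported as exposed only when it runs an unpatched release and has verdict logging enabled on an alert or drop output; the queue size is reported for review rather than judged.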

Added: Nov 26, 2025, 11:23 PM
Updated: Nov 26, 2025, 11:23 PM

Vulnerability Rating

Custom Algorithm
spread: 2.4
impact: 2.5
exploitability: 5.0
remediation: 8.3
relevance: 1.2
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.