Suricata Stack Overflow Vulnerability in SWF Decompression Allowing Denial-of-Service

Vulnerability

A stack overflow vulnerability has been identified in Suricata, a network IDS, IPS, and NSM engine, prior to versions 7.0.13 and 8.0.2. This vulnerability can cause Suricata to crash when SWF decompression is enabled. The issue arises from improper handling of larger compressed data, leading to a stack overflow.

Impact

Exploitation of this vulnerability causes Suricata to crash, creating a denial-of-service condition.

Remediation

Update to Suricata 7.0.13 or 8.0.2 to address this vulnerability. Alternatively, disable SWF decompression in the suricata.yaml configuration file; it is turned off by default. If SWF decompression must stay enabled, set 'decompress-depth' to less than half the stack size.
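One way to check a deployed configuration against the workaround above, as an added example that is not part of the original advisory or the Suricata project's code. The 'swf-decompression' and 'enabled' key layout, the size suffix handling and the 8 MiB stack used in the usage note are assumptions; pass the stack size your Suricata threads actually run with.

```python
import re
# Constructed sample of the swf-decompression block from suricata.yaml
# (key layout assumed from the stock config; values are illustrative).
SAMPLE = """\
default-config:
  swf-decompression:
    enabled: yes
    compress-depth: 100 KiB
    decompress-depth: 6 MiB
"""

def parse_size(text):
    # Assumption: kb/KiB, mb/MiB, gb/GiB suffixes are all multiples of 1024.
    m = re.fullmatch(r"(\d+)\s*(?:([kmg])i?b)?", text.strip().lower())
    if not m:
        raise ValueError(f"unparseable size: {text!r}")
    return int(m.group(1)) << {None: 0, "k": 10, "m": 20, "g": 30}[m.group(2)]

def swf_settings(yaml_text):
    """Return one dict per 'swf-decompression:' block (indent-based scan)."""
    blocks, current, indent = [], None, 0
    for raw in yaml_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop comments
        if not line.strip():
            continue
        depth = len(line) - len(line.lstrip())
        if current is not None and depth <= indent:
            current = None  # indentation dropped: left the block
        if line.strip() == "swf-decompression:":
            current, indent = {}, depth
            blocks.append(current)
        elif current is not None and ":" in line:
            key, value = line.strip().split(":", 1)
            current[key.strip()] = value.strip()
    return blocks

def audit(yaml_text, stack_bytes):
    """Return decompress-depth values (bytes) that are not below half the stack."""
    risky = []
    for cfg in swf_settings(yaml_text):
        if cfg.get("enabled", "no").lower() not in ("yes", "true", "on", "1"):
            continue  # decompression off: the advisory's first workaround
        depth = parse_size(cfg.get("decompress-depth", "0"))
        # Assumption: 0 means "no limit", so it is flagged as well.
        if depth == 0 or depth >= stack_bytes / 2:
            risky.append(depth)
    return risky
```

Calling `audit(open("suricata.yaml").read(), 8 * 1024 * 1024)` returns an empty list when every enabled block stays under half of an assumed 8 MiB stack.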

Added: Nov 26, 2025, 11:22 PM
Updated: Nov 26, 2025, 11:22 PM

Vulnerability Rating

Custom Algorithm

spread: 2.4
impact: 2.5
exploitability: 5.3
remediation: 8.3
relevance: 1.2
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.