Suricata Heap Use-After-Free Vulnerability in Alert Queue Management

Vulnerability

A heap use-after-free vulnerability has been identified in Suricata, a network IDS, IPS, and NSM engine, in versions prior to 8.0.3 and 7.0.14. The issue arises from an unsigned integer overflow during the alert queue expansion process, which can be triggered by generating an excessive number of alerts for a single packet. The overflowed size value leads to a use-after-free condition and, from there, to potential memory corruption.

Impact

Exploitation of this vulnerability causes a heap use-after-free condition, which can lead to memory corruption and potentially allow for arbitrary code execution.

Remediation

Users can upgrade to Suricata versions 8.0.3 or 7.0.14, both of which include the necessary patch. Additionally, it is recommended not to run untrusted rulesets and to limit the number of signatures that can match the same packet to fewer than 65,536, which keeps the per-packet alert count below the point at which the queue expansion overflows.
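The following C program is an added illustration of the bug class the advisory describes; it is not Suricata's code, and the AlertQueue structure, the 16-bit capacity counter and the growth policy are all hypothetical. It shows why a narrow unsigned capacity that is doubled without a bound wraps to zero (so a realloc on the wrapped size shrinks or frees the buffer that the queue still indexes into), and the checked variant that caps the queue at the counter's range instead, which is the effect the "fewer than 65,536 matching signatures" guidance above relies on.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical alert queue (constructed for this example, not Suricata's
 * structure). The 16-bit capacity models the unsigned overflow described
 * in the advisory. */
typedef struct {
    uint32_t *alerts;    /* one signature id per slot */
    uint16_t  capacity;  /* slots allocated; deliberately 16-bit */
    uint16_t  count;     /* slots in use */
} AlertQueue;

#define QUEUE_INITIAL 16

int alertqueue_init(AlertQueue *q) {
    q->alerts = calloc(QUEUE_INITIAL, sizeof(uint32_t));
    if (!q->alerts) return -1;
    q->capacity = QUEUE_INITIAL;
    q->count = 0;
    return 0;
}

/* Unchecked growth policy: doubling a 16-bit capacity of 32768 yields 65536,
 * which truncates to 0. A realloc(ptr, 0 * sizeof(uint32_t)) may free the
 * block or hand back a minimal one, while the queue still believes it owns
 * 32768 live slots: the next write is a use-after-free or out-of-bounds
 * access. We only compute the wrapped value; we never realloc with it. */
static uint16_t next_capacity_unchecked(uint16_t capacity) {
    return (uint16_t)(capacity * 2u);
}

/* Checked growth policy: double while that fits, otherwise clamp to
 * UINT16_MAX, and refuse entirely once the counter is already at its
 * maximum. The queue can therefore never hold 65536 entries. */
static int next_capacity_checked(uint16_t capacity, uint16_t *out) {
    if (capacity == UINT16_MAX) return -1;
    *out = (capacity <= UINT16_MAX / 2) ? (uint16_t)(capacity * 2u)
                                         : UINT16_MAX;
    return 0;
}

/* Convenience wrapper so a caller can ask "would growth be refused here?". */
static int growth_refused(uint16_t capacity) {
    uint16_t unused;
    return next_capacity_checked(capacity, &unused) != 0;
}

/* Push with the checked policy: an alert that does not fit is dropped
 * (return -1) rather than corrupting the heap. */
int alertqueue_push_checked(AlertQueue *q, uint32_t sid) {
    if (q->count == q->capacity) {
        uint16_t new_cap;
        if (next_capacity_checked(q->capacity, &new_cap) != 0) return -1;
        uint32_t *tmp = realloc(q->alerts, (size_t)new_cap * sizeof(uint32_t));
        if (!tmp) return -1;
        q->alerts = tmp;
        q->capacity = new_cap;
    }
    q->alerts[q->count++] = sid;
    return 0;
}

/* Feed n constructed signature ids (0..n-1) into a fresh queue and report how
 * many were accepted before the checked policy started dropping them. */
size_t alertqueue_fill(size_t n) {
    AlertQueue q;
    size_t accepted = 0;
    if (alertqueue_init(&q) != 0) return 0;
    for (size_t i = 0; i < n; i++) {
        if (alertqueue_push_checked(&q, (uint32_t)i) != 0) break;
        accepted++;
    }
    free(q.alerts);
    return accepted;
}

int main(void) {
    printf("unchecked growth from 32768 -> %u (wrapped)\n",
           (unsigned)next_capacity_unchecked(32768));
    printf("checked queue accepted %zu of 70000 alerts\n",
           alertqueue_fill(70000));
    return 0;
}
```

Running it shows the unchecked policy turning a capacity of 32768 into 0, while the checked queue accepts exactly 65535 of 70000 alerts and drops the rest; the defensive point is that the bound must be enforced in the growth path itself, with the ruleset limit recommended above acting as a second layer that keeps real traffic well away from that edge.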

Added: Jan 27, 2026, 7:25 PM
Updated: Jan 27, 2026, 7:25 PM

Vulnerability Rating

Custom Algorithm
spread: 2.4
impact: 2.5
exploitability: 5.3
remediation: 7.9
relevance: 2.4
threat: 3.2
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.