Suricata NULL Dereference Vulnerability in TLS ALPN Rule Keyword

Vulnerability

A NULL pointer dereference has been identified in Suricata, a network IDS, IPS, and NSM engine. Affected versions are 8.0.0 up to, but not including, 8.0.4. The crash is triggered when a rule that uses the 'tls.alpn' keyword is loaded and matched, so only deployments whose rulesets contain that keyword are exposed. The issue is fixed in Suricata 8.0.4.

Impact

Triggering this vulnerability crashes the Suricata process through the NULL dereference. Until the engine is restarted, the affected sensor performs no network monitoring or intrusion detection, so the practical impact is a denial of service against the monitoring capability itself.

Remediation

Upgrade to Suricata 8.0.4 or later. Where an immediate upgrade is not possible, disable (comment out) any rules that use the 'tls.alpn' keyword; no known rules in common rulesets currently use it, so this workaround is expected to have no detection cost for most deployments.
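The following is an added example (not Suricata project code or code from this advisory) that performs the two checks the remediation section implies: whether an installed version falls in the affected range (8.0.0 <= version < 8.0.4), and which active rules in a rules file use the 'tls.alpn' keyword, producing a copy with those rules commented out. It assumes the version string has the form produced by `suricata -V` (an "x.y.z" token somewhere in the text; the exact surrounding wording is an assumption) and that rule files follow the usual one-rule-per-line layout. The sample rules are constructed for this example and are not taken from any real ruleset.

```python
"""Added example, not Suricata project code: check whether a Suricata install
is in the affected range and find/disable rules that use the 'tls.alpn'
keyword, as the advisory's remediation section suggests."""
import re
from typing import List, Tuple

# Affected range as stated in the advisory: 8.0.0 <= version < 8.0.4
AFFECTED_MIN = (8, 0, 0)
FIXED_IN = (8, 0, 4)

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")
# The tls.alpn keyword as a rule option token ("tls.alpn;"), not as part of a
# longer identifier and not preceded by a dot.
_ALPN_KEYWORD_RE = re.compile(r"(?<![\w.])tls\.alpn\s*;")
# Double-quoted option values (msg, content, ...) with backslash escapes.
_QUOTED_RE = re.compile(r'"(?:[^"\\]|\\.)*"')
_SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")

# Constructed sample rules for this example (assumption: not from any real ruleset).
SAMPLE_RULES = """\
# constructed sample rules for this example
alert tls any any -> any any (msg:"EXAMPLE h2 via tls.alpn"; tls.alpn; content:"h2"; sid:1000001; rev:1;)
alert tls any any -> any any (msg:"EXAMPLE sni only"; tls.sni; content:"example.test"; sid:1000002; rev:1;)
#alert tls any any -> any any (msg:"EXAMPLE already disabled"; tls.alpn; content:"http/1.1"; sid:1000003; rev:1;)
alert tls any any -> any any (msg:"EXAMPLE mentions tls.alpn; in msg only"; tls.sni; content:"x"; sid:1000004; rev:1;)
"""


def parse_version(text: str) -> Tuple[int, ...]:
    """Extract the first x.y.z version from text such as the output of
    `suricata -V` (assumed to contain e.g. "version 8.0.3")."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no x.y.z version found in {text!r}")
    return tuple(int(g) for g in m.groups())


def is_affected(version_text: str) -> bool:
    """True if the version lies in the advisory's affected range."""
    return AFFECTED_MIN <= parse_version(version_text) < FIXED_IN


def rule_uses_tls_alpn(rule: str) -> bool:
    """True if an active (uncommented) rule line uses the tls.alpn keyword.
    Quoted values are blanked first so that the text 'tls.alpn;' inside a
    msg or content string does not count as keyword use."""
    stripped = rule.strip()
    if not stripped or stripped.startswith("#"):
        return False
    options_only = _QUOTED_RE.sub('""', stripped)
    return _ALPN_KEYWORD_RE.search(options_only) is not None


def disable_tls_alpn_rules(rules_text: str) -> Tuple[str, List[int]]:
    """Return a copy of the rules text with every active tls.alpn rule
    commented out, plus the sids that were disabled (-1 if a rule had none)."""
    out_lines: List[str] = []
    disabled: List[int] = []
    for line in rules_text.splitlines():
        if rule_uses_tls_alpn(line):
            m = _SID_RE.search(line)
            disabled.append(int(m.group(1)) if m else -1)
            out_lines.append("#" + line)
        else:
            out_lines.append(line)
    trailing = "\n" if rules_text.endswith("\n") else ""
    return "\n".join(out_lines) + trailing, disabled


if __name__ == "__main__":
    # Constructed version banner; on a real host feed in the output of `suricata -V`.
    banner = "This is Suricata version 8.0.3 RELEASE"
    print("affected:", is_affected(banner))
    patched, sids = disable_tls_alpn_rules(SAMPLE_RULES)
    print("disabled sids:", sids)
    print(patched)
```

Run the disabled copy through Suricata's configuration test mode before reloading, and reverse the change (or simply drop the commented lines) once the sensor is on 8.0.4. The sid list is the audit record of which detections were switched off by the workaround.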

Added: Apr 2, 2026, 2:29 PM
Updated: Apr 2, 2026, 2:29 PM

Vulnerability Rating

Custom Algorithm

spread: 2.4
impact: 2.5
exploitability: 4.7
remediation: 8.3
relevance: 5.1
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to produce these eight vulnerability categories, which are then combined into the overall risk score.