CVE-2025-29916 MEDIUM

CVE-2025-29916: Suricata datasets: ruleset declared settings can lead to resource starvation

Vendor OISF
Product suricata
Weakness CWE-770 · Uncontrolled resource consumption
Published April 10, 2025
Last update April 10, 2025

CVSS base score

6.2/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01 Description

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Datasets declared in rules have an option to specify the `hashsize` to use. This size setting isn't properly limited, so the hash table allocation can be large. Untrusted rules can lead to large memory allocations, potentially leading to denial of service due to resource starvation. This vulnerability is fixed in 7.0.9.
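One way to review a ruleset for this condition before loading it, as an added example that is not part of the advisory or of Suricata's own code. It scans rule text for `dataset` keywords and flags any `hashsize` above a review threshold. The threshold value, the function name `audit_rules`, and the sample rules are assumptions made for the example, and it assumes one rule per line.

```python
import re

# Assumed review threshold for this example; not a value taken from the advisory.
MAX_HASHSIZE = 65536

# Captures the comma-separated option list of a dataset keyword, e.g.
#   dataset:set,ua-seen,type string,hashsize 1024;
DATASET_RE = re.compile(r"\bdataset\s*:\s*([^;]*);")
HASHSIZE_RE = re.compile(r"^hashsize\s+(\S+)$")

# Constructed sample rules (not from any real ruleset).
SAMPLE_RULES = """\
# constructed sample rules for this example
alert http any any -> any any (msg:"ua seen"; http.user_agent; dataset:set,ua-seen,type string,hashsize 1024; sid:1000001;)
alert dns any any -> any any (msg:"dns seen"; dns.query; dataset:set,dns-seen,type string,hashsize 4294967295; sid:1000002;)
alert http any any -> any any (msg:"no size"; http.host; dataset:isset,hosts,type string,load hosts.lst; sid:1000003;)
"""


def audit_rules(text, limit=MAX_HASHSIZE):
    """Return (line_no, dataset_name, raw_hashsize, reason) per suspicious dataset."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue  # skip blank lines and commented-out rules
        for match in DATASET_RE.finditer(stripped):
            opts = [o.strip() for o in match.group(1).split(",")]
            name = opts[1] if len(opts) > 1 else "?"
            for opt in opts[2:]:
                hs = HASHSIZE_RE.match(opt)
                if not hs:
                    continue
                raw = hs.group(1)
                if not raw.isdigit():
                    # Anything other than a plain integer deserves a manual look.
                    findings.append((line_no, name, raw, "not a plain integer"))
                elif int(raw) > limit:
                    findings.append((line_no, name, raw, "exceeds limit"))
    return findings


if __name__ == "__main__":
    for finding in audit_rules(SAMPLE_RULES):
        print("line %d: dataset %s hashsize %s (%s)" % finding)
```

Rules without a `hashsize` option are not reported, since they use the engine's default size.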

Key dates

02 Disclosure timeline

April 10, 2025 CVE published
April 10, 2025 Record updated