Product
oisf suricata
85 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-31937
< 7.0.15
Suricata is a network IDS, IPS and NSM engine. Prior to version 7.0.15, inefficiency in DCERPC buffering can lead to a performance
7.5
HIGH
CVE-2026-31935
< 7.0.15
Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, flooding of crafted HTTP2 continuation frames can
7.5
HIGH
CVE-2026-31934
>= 8.0.0 and < 8.0.4
Suricata is a network IDS, IPS and NSM engine. From version 8.0.0 to before version 8.0.4, there is a quadratic complexity issue w
7.5
HIGH
CVE-2026-31933
< 7.0.15
Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, specially crafted traffic can cause Suricata to
7.5
HIGH
CVE-2026-31932
< 7.0.15
Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, inefficiency in KRB5 buffering can lead to perf
7.5
HIGH
CVE-2026-31931
>= 8.0.0 and < 8.0.4
Suricata is a network IDS, IPS and NSM engine. From version 8.0.0 to before version 8.0.4, use of the "tls.alpn" rule keyword can
7.5
HIGH
CVE-2026-22264
< 7.0.14
Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 and 7.0.14, an unsigned integer overflow can lead to a heap
7.4
HIGH
CVE-2026-22263
>= 8.0.0 and < 8.0.3
Suricata is a network IDS, IPS and NSM engine. Starting in version 8.0.0 and prior to version 8.0.3, inefficiency in http1 headers
5.3
MEDIUM
CVE-2026-22262
< 7.0.14
Suricata is a network IDS, IPS and NSM engine. While saving a dataset a stack buffer is used to prepare the data. Prior to version
5.9
MEDIUM
CVE-2026-22261
< 7.0.14
Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 and 7.0.14, various inefficiencies in xff handling, especia
3.7
LOW
CVE-2026-22260
>= 8.0.0 and < 8.0.3
Suricata is a network IDS, IPS and NSM engine. Starting in version 8.0.0 and prior to version 8.0.3, Suricata can crash with a sta
7.5
HIGH
CVE-2026-22259
< 7.0.14
Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 and 7.0.14, specially crafted traffic can cause Suricata to
7.5
HIGH
CVE-2026-22258
< 7.0.14
Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 and 7.0.14, crafted DCERPC traffic can cause Suricata to ex
7.5
HIGH
CVE-2025-64344
< 7.0.13
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata commun
7.5
HIGH
CVE-2025-64335
>= 8.0.0 and < 8.0.2
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata commun
7.5
HIGH
CVE-2025-64334
>= 8.0.0 and < 8.0.2
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata commun
7.5
HIGH
CVE-2025-64333
< 7.0.13
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata commun
7.5
HIGH
CVE-2025-64332
< 7.0.13
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata commun
7.5
HIGH
CVE-2025-64331
< 7.0.13
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata commun
7.5
HIGH
CVE-2025-64330
< 7.0.13
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata commun
7.5
HIGH
CVE-2025-59150
all versions
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata commun
7.5
HIGH
CVE-2025-59149
all versions
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata commun
6.2
MEDIUM
CVE-2025-59148
all versions
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata commun
7.5
HIGH
CVE-2025-59147
< 7.0.12
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata commun
7.5
HIGH
CVE-2025-53538
< 7.0.11
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata commun
7.5
HIGH
CVE-2025-29918
< 7.0.9
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. A PCRE rule
6.2
MEDIUM
CVE-2025-29917
< 7.0.9
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. The bytes se
6.2
MEDIUM
CVE-2025-29916
< 7.0.9
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Datasets dec
6.2
MEDIUM
CVE-2025-29915
< 7.0.9
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. The AF_PACKE
7.5
HIGH
CVE-2024-55629
< 7.0.8
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0
7.5
HIGH
CVE-2024-55628
< 7.0.8
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to ver
7.5
HIGH
CVE-2024-55627
< 7.0.8
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0
5.9
MEDIUM
CVE-2024-55626
< 7.0.8
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0
3.3
LOW
CVE-2024-55605
< 7.0.8
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0
7.5
HIGH
CVE-2024-47522
< 7.0.7
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to ver
7.5
HIGH
CVE-2024-47188
< 7.0.7
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to ver
7.5
HIGH
CVE-2024-47187
< 7.0.7
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to ver
7.5
HIGH
CVE-2024-45796
< 7.0.7
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to ver
5.3
MEDIUM
CVE-2024-45795
< 7.0.7
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to ver
7.5
HIGH
CVE-2024-38536
< 7.0.6
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. A memory all
7.5
HIGH
CVE-2024-38535
< 6.0.20
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Suricata can
7.5
HIGH
CVE-2024-38534
< 7.0.6
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Crafted modb
7.5
HIGH
CVE-2024-37151
>= 6.0.0 and < 6.0.20
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Mishandling
5.3
MEDIUM
CVE-2024-32867
>= 6.0.0 and < 6.0.19
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0
5.3
MEDIUM
CVE-2024-32664
>= 6.0.0 and < 6.0.19
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0
5.3
MEDIUM
CVE-2024-32663
>= 6.0.0 and < 6.0.19
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0
7.5
HIGH
CVE-2024-28870
< 6.0.17
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine developed by
7.5
HIGH
CVE-2024-24568
>= 7.0.0 and < 7.0.3
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.
5.3
MEDIUM
CVE-2024-23839
>= 7.0.0 and < 7.0.3
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.
7.1
HIGH
CVE-2024-23836
< 6.0.16
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to ver
7.5
HIGH
CVE-2024-23835
>= 7.0.0 and < 7.0.3
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to ve
7.5
HIGH
CVE-2023-35853
< 6.0.13
In Suricata before 6.0.13, an adversary who controls an external source of Lua rules may be able to execute Lua code. This is addr
9.8
CRITICAL
CVE-2023-35852
< 6.0.13
In Suricata before 6.0.13 (when there is an adversary who controls an external source of rules), a dataset filename, that comes fr
7.5
HIGH
CVE-2020-19678
all versions
Directory Traversal vulnerability found in Pfsense v.2.1.3 and Pfsense Suricata v.1.4.6 pkg v.1.0.1 allows a remote attacker to ob
7.5
HIGH
CVE-2021-45098
< 6.0.4
An issue was discovered in Suricata before 6.0.4. It is possible to bypass/evade any HTTP-based signature by faking an RST TCP pac
7.5
HIGH
CVE-2021-37592
< 5.0.8
Suricata before 5.0.8 and 6.x before 6.0.4 allows TCP evasion via a client with a crafted TCP/IP stack that can send a certain seq
9.8
CRITICAL
CVE-2021-35063
< 5.0.7
Suricata before 5.0.7 and 6.x before 6.0.3 has a "critical evasion."
7.5
HIGH
CVE-2019-18625
all versions
An issue was discovered in Suricata 5.0.0. It was possible to bypass/evade any tcp based signature by faking a closed TCP session
7.5
HIGH
CVE-2019-18792
>= 4.1.5 and < 4.1.6
An issue was discovered in Suricata 5.0.0. It is possible to bypass/evade any tcp based signature by overlapping a TCP segment wit
9.1
CRITICAL
CVE-2019-17420
all versions
In OISF LibHTP before 0.5.31, as used in Suricata 4.1.4 and other products, an HTTP protocol parsing error causes the http_header
5.3
MEDIUM
CVE-2019-16411
all versions
An issue was discovered in Suricata 4.1.4. By sending multiple IPv4 packets that have invalid IPv4Options, the function IPV4OptVal
9.8
CRITICAL
CVE-2019-16410
all versions
An issue was discovered in Suricata 4.1.4. By sending multiple fragmented IPv4 packets, the function Defrag4Reassemble in defrag.c
9.1
CRITICAL
CVE-2019-15699
all versions
An issue was discovered in app-layer-ssl.c in Suricata 4.1.4. Upon receiving a corrupted SSLv3 (TLS 1.2) packet, the parser functi
9.1
CRITICAL
CVE-2019-10056
all versions
An issue was discovered in Suricata 4.1.3. The code mishandles the case of sending a network packet with the right type, such that
7.5
HIGH
CVE-2019-10055
all versions
An issue was discovered in Suricata 4.1.3. The function ftp_pasv_response lacks a check for the length of part1 and part2, leading
7.5
HIGH
CVE-2019-10054
all versions
An issue was discovered in Suricata 4.1.3. The function process_reply_record_v3 lacks a check for the length of reply.data. It cau
7.5
HIGH
CVE-2019-10052
all versions
An issue was discovered in Suricata 4.1.3. If the network packet does not have the right length, the parser tries to access a part
7.5
HIGH
CVE-2019-10051
all versions
An issue was discovered in Suricata 4.1.3. If the function filetracker_newchunk encounters an unsafe "Some(sfcm) => { ft.new_chunk
7.5
HIGH
CVE-2019-1010279
< 4.1.3
Open Information Security Foundation Suricata prior to version 4.1.3 is affected by: Denial of Service - TCP/HTTP detection bypass
7.5
HIGH
CVE-2019-1010251
all versions
Open Information Security Foundation Suricata prior to version 4.1.2 is affected by: Denial of Service - DNS detection bypass. The
7.5
HIGH
CVE-2019-10053
>= 4.1.0 and < 4.1.4
An issue was discovered in Suricata 4.1.x before 4.1.4. If the input of the function SSHParseBanner is composed only of a \n chara
9.8
CRITICAL
CVE-2019-10050
>= 4.0.0 and < 4.1.4
A buffer over-read issue was discovered in Suricata 4.1.x before 4.1.4. If the input of the decode-mpls.c function DecodeMPLS is c
7.5
HIGH
CVE-2018-10244
all versions
Suricata version 4.0.4 incorrectly handles the parsing of an EtherNet/IP PDU. A malformed PDU can cause the parsing code to read b
9.8
CRITICAL
CVE-2018-10242
all versions
Suricata version 4.0.4 incorrectly handles the parsing of the SSH banner. A malformed SSH banner can cause the parsing code to rea
7.5
HIGH
CVE-2018-18956
>= 4.0.0 and < 4.0.6
The ProcessMimeEntity function in util-decode-mime.c in Suricata 4.x before 4.0.6 allows remote attackers to cause a denial of ser
7.5
HIGH
CVE-2018-14568
< 4.0.5
Suricata before 4.0.5 stops TCP stream inspection upon a TCP RST from a server. This allows detection bypass because Windows TCP c
7.5
HIGH
CVE-2016-10728
< 3.1.2
An issue was discovered in Suricata before 3.1.2. If an ICMPv4 error packet is received as the first packet on a flow in the to_cl
5.3
MEDIUM
CVE-2018-1000167
all versions
OISF suricata-update version 1.0.0a1 contains an Insecure Deserialization vulnerability in the insecure yaml.load-Function as used
7.8
HIGH
CVE-2018-6794
< 4.0.4
Suricata before 4.0.4 is prone to an HTTP detection bypass vulnerability in detect.c and stream-tcp.c. If a malicious server break
5.3
MEDIUM
CVE-2017-15377
<= 3.2.4
In Suricata before 4.x, it was possible to trigger lots of redundant checks on the content of crafted network traffic with a certa
7.5
HIGH
CVE-2015-8954
<= 2.0.5
The MemcmpLowercase function in Suricata before 2.0.6 improperly excludes the first byte from comparisons, which might allow remot
9.8
CRITICAL
CVE-2017-7177
<= 3.2
Suricata before 3.2.1 has an IPv4 defragmentation evasion issue caused by lack of a check for the IP protocol during fragment matc
7.5
HIGH
CVE-2015-0971
<= 2.0.7
The DER parser in Suricata before 2.0.8 allows remote attackers to cause a denial of service (crash) via vectors related to SSL/TL
CVE-2014-6603
<= 2.0.3-2
The SSHParseBanner function in SSH parser (app-layer-ssh.c) in Suricata before 2.0.4 allows remote attackers to bypass SSH rules,
CVE-2013-5919
all versions
Suricata before 1.4.6 allows remote attackers to cause a denial of service (crash) via a malformed SSL record.
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin