CNNVD-202601-4472 Information
CNNVD ID
CNNVD-202601-4472
Related CVE
- CNNVD Published: 2026-01-27
Description (Chinese)
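Suricata is a network IDS, IPS and NSM engine from the Open Information Security Foundation. Suricata versions before 8.0.3 and before 7.0.14 contain a resource management error vulnerability. It arises because an unsigned integer overflow can occur when too many alerts are generated for a single packet, leading to a heap use-after-free.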
Description (English)
Suricata is a network IDS, IPS and NSM engine from the Open Information Security Foundation. Suricata versions before 8.0.3 and before 7.0.14 contain a resource management error vulnerability: an unsigned integer overflow can occur when a single packet generates too many alerts, leading to a heap use-after-free.
Hazard Level
Medium
Vulnerability Type
Resource management error
Affected Vendor
Open Information Security
Published
2026-01-27
Last Modified
2026-02-24
References
https://github.com/OISF/suricata/commit/549d7bf60616de8e54686a188196453b5b22f715
https://github.com/OISF/suricata/commit/5789a3d3760dbf33d93fc56c27bd9529e5bdc8f2
https://github.com/OISF/suricata/commit/ac1eb394181530430fb7262969f423a1bf8f209b
https://github.com/OISF/suricata/security/advisories/GHSA-mqr8-m3m4-2hw5
https://redmine.openinfosecfoundation.org/issues/8190
https://access.redhat.com/security/cve/cve-2026-22264
Patch
https://github.com/OISF/suricata/releases