CNNVD-202601-4473 Information
CNNVD ID
CNNVD-202601-4473
Related CVE
- CNNVD Published: 2026-01-27
Description (Chinese)
Suricata是Open Information Security基金会的一个网络IDS、IPS和NSM引擎。 Suricata 8.0.3之前版本和7.0.14之前版本存在安全漏洞,该漏洞源于xff处理存在低效问题,可能导致严重性能下降。
Description (English)
Suricata is a web-based IDS, IPS and NSM engine of the Open Information Security Foundation. There is a security loophole in previous versions of Suricata 8.0.3 and before version 7.0.14, which stems from the inefficiency of xff management, which may lead to a decline in critical performance.
Hazard Level
Critical
Vulnerability Type
其他
Affected Vendor
Open Information Security
Published
2026-01-27
Last Modified
2026-02-24
References
https://github.com/OISF/suricata/commit/3f0725b34c7871c2de4346c8af872f10f4501e44 https://github.com/OISF/suricata/commit/af246ae7ab1b70c09f83c0619b253095ccc18667 https://github.com/OISF/suricata/security/advisories/GHSA-5jvg-5j3p-34cf https://redmine.openinfosecfoundation.org/issues/8156
Patch
https://github.com/OISF/suricata/releases
Share on: