CNNVD-202601-4495 Information
CNNVD ID
CNNVD-202601-4495
Related CVE
- CNNVD Published: 2026-01-27
Description (Chinese)
Suricata是Open Information Security基金会的一个网络IDS、IPS和NSM引擎。 Suricata 8.0.3之前版本和7.0.14之前版本存在安全漏洞,该漏洞源于解析特制DCERPC流量时缓冲区可能无限扩展,导致内存耗尽和进程终止。
Description (English)
Suricata is a web-based IDS, IPS and NSM engine of the Open Information Security Foundation. There is a security gap in the previous version of Suricata 8.3 and the previous version of 7.0.14, which stems from the possibility of an unlimited expansion of the buffer zone during the decomposition of specially designed DCERPC flows, leading to the depletion of memory and the termination of the process.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
Open Information Security
Published
2026-01-27
Last Modified
2026-02-24
References
https://github.com/OISF/suricata/commit/39d8c302af3422a096b75474a4f295a754ec6a74 https://github.com/OISF/suricata/commit/f82a388d0283725cb76782cf64e8341cab370830 https://github.com/OISF/suricata/security/advisories/GHSA-289c-h599-3xcx https://redmine.openinfosecfoundation.org/issues/8182 https://access.redhat.com/security/cve/cve-2026-22258
Patch
https://github.com/OISF/suricata/releases
Share on: