CVE-2025-29918

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. A PCRE rule can be written that leads to an infinite loop when negated PCRE is used. Packet processing thread becomes stuck in infinite loop limiting visibility and availability in inline mode. This vulnerability is fixed in 7.0.9.

CVSS v3 6.2 MEDIUM

6.2^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.5 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/OISF/suricata/commit/b14c67cbdf25fa6c7ffe0d04ddf3ebe67b12b50b
https://github.com/OISF/suricata/security/advisories/GHSA-924c-vvm5-9mqx
https://redmine.openinfosecfoundation.org/issues/7526

Configurations

No configuration.

History

11 Apr 2025, 15:39

Type	Values Removed	Values Added
Summary		(es) Suricata es un sistema de detección de intrusiones de red, un sistema de prevención de intrusiones y un motor de monitoreo de seguridad de red. Se puede escribir una regla PCRE que conduzca a un bucle infinito cuando se utiliza PCRE negado. El hilo de procesamiento de paquetes queda atascado en un bucle infinito, lo que limita la visibilidad y la disponibilidad en el modo en línea. Esta vulnerabilidad se corrigió en 7.0.9.

10 Apr 2025, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-10 21:15

Updated : 2025-04-11 15:39

NVD link : CVE-2025-29918

Mitre link : CVE-2025-29918

CVE.ORG link : CVE-2025-29918

JSON object : View

Products Affected

No product.

CWE

CWE-835

Loop with Unreachable Exit Condition ('Infinite Loop')

6.2 /10