HIGH🇬🇧 English

CVE-2026-31931

CVSS 7.5v3.1pub. 2026-04-02upd. 2026-04-07

Suricata is a network IDS, IPS and NSM engine. From version 8.0.0 to before version 8.0.4, use of the "tls.alpn" rule keyword can cause Suricata to crash with a NULL dereference. This issue has been patched in version 8.0.4.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Oisf Suricata

    APP
    Oisf
    8.0.0 – 8.0.4 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2023-35853CRITICAL9.8ten sam produkt

In Suricata before 6.0.13, an adversary who controls an external source of Lua rules may be able to execute Lu...

CVE-2021-37592CRITICAL9.8ten sam produkt

Suricata before 5.0.8 and 6.x before 6.0.4 allows TCP evasion via a client with a crafted TCP/IP stack that ca...

CVE-2019-18792CRITICAL9.1ten sam produkt

An issue was discovered in Suricata 5.0.0. It is possible to bypass/evade any tcp based signature by overlappi...

CVE-2018-10244CRITICAL9.8ten sam produkt

Suricata version 4.0.4 incorrectly handles the parsing of an EtherNet/IP PDU. A malformed PDU can cause the pa...

CVE-2026-31932HIGH7.5ten sam produkt

Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, inefficiency in KRB5 buffer...