PT-2026-4996 · Open Source · Suricata

Ashivb · Published: 2026-01-01 · Updated: 2026-01-27 · CVE-2026-22264

CVSS v3.1: 9.4 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Suricata versions prior to 8.0.3
Suricata versions prior to 7.0.14

Description

Suricata is a network IDS, IPS and NSM engine. An unsigned integer overflow can lead to a heap use-after-free condition when generating a large number of alerts for a single packet. To mitigate the issue, avoid running untrusted rulesets or running Suricata with less than 65536 signatures that can match on the same packet.

Recommendations

Update to Suricata version 8.0.3 or later.
Update to Suricata version 7.0.14 or later.
Avoid running untrusted rulesets.
Run Suricata with at least 65536 signatures that can match on the same packet.

Exploit

Fix

Use After Free

Weakness Enumeration

Related identifiers

BDU:2026-01034
CVE-2026-22264
GHSA-MQR8-M3M4-2HW5
OPENSUSE-SU-2026:10082-1

Affected products

Suricata