PT-2025-38269 · Open Information Security Foundation+1 · Suricata+1

Philippe Antoine · Published 2025-09-04 · Updated 2025-11-21 · CVE-2025-59150

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions

Suricata versions prior to 8.0.1

Description

Suricata, a network IDS, IPS and NSM engine, experiences a segmentation fault when processing decoded subjectaltnames containing a NULL byte. This occurs due to the use of the tls.subjectaltname keyword in version 8.0.0. Disabling rules that utilize the tls.subjectaltname keyword can serve as a temporary workaround.

Recommendations

Update to Suricata version 8.0.1 or later. Disable rules using the tls.subjectaltname keyword.
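
One way to apply the workaround above, as an added example that is not part of the original advisory or the Suricata project: a Python helper that comments out every active rule using the tls.subjectaltname keyword, including rules continued across lines with a trailing backslash. The helper name, the sample rules and their sids are constructed for illustration.

```python
import re

# Matches tls.subjectaltname used as a rule keyword (after "(" or ";").
SAN_KEYWORD = re.compile(r"[(;]\s*tls\.subjectaltname\s*;")
SID = re.compile(r"\bsid\s*:\s*(\d+)")

def disable_san_rules(text):
    """Comment out every active rule that uses tls.subjectaltname.

    Returns (new_text, sids_of_disabled_rules)."""
    lines, out, sids, i = text.splitlines(), [], [], 0
    while i < len(lines):
        # A rule may span several physical lines joined by a trailing backslash.
        block = [lines[i]]
        while block[-1].rstrip().endswith("\\") and i + 1 < len(lines):
            i += 1
            block.append(lines[i])
        i += 1
        rule = " ".join(part.rstrip().rstrip("\\").strip() for part in block)
        if rule and not rule.startswith("#") and SAN_KEYWORD.search(rule):
            m = SID.search(rule)
            sids.append(int(m.group(1)) if m else None)
            # Prefix every physical line so no continuation stays active.
            block = ["# " + part for part in block]
        out.extend(block)
    return "\n".join(out) + "\n", sids

# Constructed sample rules (not from any real ruleset).
SAMPLE = r'''alert tls any any -> any any (msg:"SAN match"; tls.subjectaltname; content:"example.test"; sid:1000001; rev:1;)
alert tls any any -> any any (msg:"SNI match"; tls.sni; content:"example.test"; sid:1000002; rev:1;)
# alert tls any any -> any any (msg:"already off"; tls.subjectaltname; content:"a"; sid:1000003; rev:1;)
alert tls any any -> any any (msg:"multi-line SAN"; \
    tls.subjectaltname; content:"b"; \
    sid:1000004; rev:1;)
'''

if __name__ == "__main__":
    patched, disabled = disable_san_rules(SAMPLE)
    print("disabled sids:", disabled)
    print(patched, end="")
```

Reload or restart Suricata after rewriting a rule file so the change takes effect.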

Exploit

Fix

NULL Pointer Dereference

Related Identifiers

ALT-PU-2025-14099
BDU:2025-13675
CVE-2025-59150
GHSA-MHV7-QFMJ-M3F3
OPENSUSE-SU-2025:15592-1

Affected Products

Alt Linux
Suricata