CVE-2025-29918

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. A PCRE rule can be written that leads to an infinite loop when negated PCRE is used. Packet processing thread becomes stuck in infinite loop limiting visibility and availability in inline mode. This vulnerability is fixed in 7.0.9.

CVSS v3 6.2 MEDIUM

6.2^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.5 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/OISF/suricata/commit/b14c67cbdf25fa6c7ffe0d04ddf3ebe67b12b50b	Patch
https://github.com/OISF/suricata/security/advisories/GHSA-924c-vvm5-9mqx	Vendor Advisory
https://redmine.openinfosecfoundation.org/issues/7526	Permissions Required
https://lists.debian.org/debian-lts-announce/2025/03/msg00029.html

Configurations

Configuration 1 (hide)

cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*

History

03 Nov 2025, 20:18

Type	Values Removed	Values Added
References		() https://lists.debian.org/debian-lts-announce/2025/03/msg00029.html -

Information

Published : 2025-04-10 21:15

Updated : 2025-11-03 20:18

NVD link : CVE-2025-29918

Mitre link : CVE-2025-29918

CVE.ORG link : CVE-2025-29918

JSON object : View

Products Affected

oisf

suricata

CWE

CWE-835

Loop with Unreachable Exit Condition ('Infinite Loop')

{"id": "CVE-2025-29918", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.5}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2025-04-10T21:15:49.033", "references": [{"url": "https://github.com/OISF/suricata/commit/b14c67cbdf25fa6c7ffe0d04ddf3ebe67b12b50b", "tags": ["Patch"], "source": "[email protected]"}, {"url": "https://github.com/OISF/suricata/security/advisories/GHSA-924c-vvm5-9mqx", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://redmine.openinfosecfoundation.org/issues/7526", "tags": ["Permissions Required"], "source": "[email protected]"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00029.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-835"}]}], "descriptions": [{"lang": "en", "value": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. A PCRE rule can be written that leads to an infinite loop when negated PCRE is used. Packet processing thread becomes stuck in infinite loop limiting visibility and availability in inline mode. This vulnerability is fixed in 7.0.9."}, {"lang": "es", "value": " Suricata es un sistema de detecci\u00f3n de intrusiones de red, un sistema de prevenci\u00f3n de intrusiones y un motor de monitoreo de seguridad de red. Se puede escribir una regla PCRE que conduzca a un bucle infinito cuando se utiliza PCRE negado. El hilo de procesamiento de paquetes queda atascado en un bucle infinito, lo que limita la visibilidad y la disponibilidad en el modo en l\u00ednea. Esta vulnerabilidad se corrigi\u00f3 en 7.0.9."}], "lastModified": "2025-11-03T20:18:08.467", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9747C005-47BE-4477-9599-5B4177C3579E", "versionEndExcluding": "7.0.9"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}