CVE-2025-59150
Severity CVSS v4.0:
Pending analysis
Type:
CWE-476
NULL Pointer Dereference
Publication date:
01/10/2025
Last modified:
23/10/2025
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Version 8.0.0's usage of the tls.subjectaltname keyword can lead to a segmentation fault when the decoded subjectaltname contains a NULL byte. This issue is fixed in version 8.0.1. To workaround this issue, disable rules using the tls.subjectaltname keyword.
Impact
Base Score 3.x
7.50
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:oisf:suricata:8.0.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://forum.suricata.io/t/suricata-8-0-1-and-7-0-12-released/6018
- https://github.com/OISF/suricata/commit/d590fdfe42e995fd558315f0c24f9a352e21479d
- https://github.com/OISF/suricata/security/advisories/GHSA-mhv7-qfmj-m3f3
- https://redmine.openinfosecfoundation.org/issues/7881
- https://www.vicarius.io/vsociety/posts/cve-2025-59150-suricata-detection-script
- https://www.vicarius.io/vsociety/posts/cve-2025-59150-suricata-mitigation-script