CVE-2025-59149
BaseFortify
Publication date: 2025-10-01
Last updated on: 2025-10-06
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| oisf | suricata | 8.0.0 |
| oisf | suricata | 8.0.0 |
| oisf | suricata | 8.0.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Suricata version 8.0.0 involves a stack buffer overflow that occurs when rules using the keyword ldap.responses.attribute_type with transforms are processed during Suricata startup or rule reload. The issue arises because the ldap.responses.attribute_type is long and mishandled, leading to memory corruption. It is fixed in version 8.0.1, and a workaround is to disable rules with ldap.responses.attribute_type and transforms.
How can this vulnerability impact me? :
The vulnerability can cause a stack buffer overflow, which may lead to a denial of service by crashing Suricata during startup or rule reload. Since the CVSS score indicates no impact on confidentiality or integrity but a high impact on availability, the main risk is service disruption.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability immediately, you should disable rules that use the ldap.responses.attribute_type keyword with transforms in Suricata. Additionally, upgrading Suricata to version 8.0.1 or later will fix the issue.