CVE-2025-29916
- Source
- https://cve.org/CVERecord?id=CVE-2025-29916
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-29916.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-29916
- Aliases
-
- GHSA-27g3-pmvp-j9cv
- Downstream
- Related
- Published
- 2025-04-10T20:03:16.834Z
- Modified
- 2026-06-18T14:54:55.038107Z
- Severity
-
- 6.2 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- Suricata datasets: ruleset declared settings can lead to resource starvation
- Details
-
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Datasets declared in rules have an option to specify the
hashsizeto use. This size setting isn't properly limited, so the hash table allocation can be large. Untrusted rules can lead to large memory allocations, potentially leading to denial of service due to resource starvation. This vulnerability is fixed in 7.0.9. - Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/29xxx/CVE-2025-29916.json", "cwe_ids": [ "CWE-770" ], "cna_assigner": "GitHub_M" }- References
-
- https://redmine.openinfosecfoundation.org/issues/7615
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/29xxx/CVE-2025-29916.json
- https://github.com/OISF/suricata/security/advisories/GHSA-27g3-pmvp-j9cv
- https://nvd.nist.gov/vuln/detail/CVE-2025-29916
- https://github.com/OISF/suricata/commit/a7713db709b8a0be5fc5e5809ab58e9b14a16e85
Affected packages
Git / github.com/oisf/suricata
Affected ranges
- Type
- GIT
- Repo
- https://github.com/oisf/suricata
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixed
- Database specific
{ "source": [ "CPE_RANGE", "REFERENCES" ], "cpe": "cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*", "extracted_events": [ { "introduced": "0" }, { "fixed": "7.0.9" } ] }
Affected versions
suricata-0.*
suricata-0.8.2
suricata-1.*
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
suricata-1.2
suricata-1.2.1
suricata-1.2beta1
suricata-1.2rc1
suricata-1.3
suricata-1.3.1
suricata-1.3beta1
suricata-1.3beta2
suricata-1.3rc1
suricata-1.4
suricata-1.4beta1
suricata-1.4beta2
suricata-1.4beta3
suricata-1.4rc1
suricata-2.*
suricata-2.0
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0.2
suricata-2.0beta1
suricata-2.0beta2
suricata-2.0rc1
suricata-2.0rc2
suricata-2.0rc3
suricata-2.1beta1
suricata-2.1beta2
suricata-2.1beta3
suricata-2.1beta4
suricata-3.*
suricata-3.0
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0RC1
suricata-3.0RC2
suricata-3.0RC3
suricata-3.1
suricata-3.1.1
suricata-3.1.2
suricata-3.1RC1
suricata-3.2
suricata-3.2.1
suricata-3.2RC1
suricata-3.2beta1
suricata-4.*
suricata-4.0.0
suricata-4.0.0-beta1
suricata-4.0.0-rc1
suricata-4.0.0-rc2
suricata-4.0.1
suricata-4.1.0
suricata-4.1.0-beta1
suricata-4.1.0-rc1
suricata-4.1.0-rc2
suricata-4.1.1
suricata-4.1.2
suricata-5.*
suricata-5.0.0
suricata-5.0.0-beta1
suricata-5.0.0-rc1
suricata-5.0.1
suricata-6.*
suricata-6.0.0
suricata-6.0.0-beta1
suricata-6.0.0-rc1
suricata-6.0.1
suricata-7.*
suricata-7.0.0
suricata-7.0.0-beta1
suricata-7.0.0-rc1
suricata-7.0.0-rc2
suricata-7.0.1
suricata-7.0.2
suricata-7.0.3
suricata-7.0.4
suricata-7.0.5
suricata-7.0.6
suricata-7.0.7
suricata-7.0.8
Database specific
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-29916.json"
vanir_signatures
[
{
"deprecated": false,
"signature_type": "Function",
"digest": {
"function_hash": "211824016031238304093262559794385341541",
"length": 398.0
},
"target": {
"file": "src/datasets.c",
"function": "DatasetReload"
},
"signature_version": "v1",
"id": "CVE-2025-29916-4563dc2b",
"source": "https://github.com/oisf/suricata/commit/a7713db709b8a0be5fc5e5809ab58e9b14a16e85"
},
{
"deprecated": false,
"signature_type": "Function",
"digest": {
"function_hash": "181092650416939360690392279989268866443",
"length": 3948.0
},
"target": {
"file": "src/datasets.c",
"function": "DatasetGet"
},
"signature_version": "v1",
"id": "CVE-2025-29916-55a6f5d2",
"source": "https://github.com/oisf/suricata/commit/a7713db709b8a0be5fc5e5809ab58e9b14a16e85"
},
{
"deprecated": false,
"signature_type": "Function",
"digest": {
"function_hash": "281012955479511643617007009816018825814",
"length": 1289.0
},
"target": {
"file": "src/util-thash.c",
"function": "THashInit"
},
"signature_version": "v1",
"id": "CVE-2025-29916-92f76b17",
"source": "https://github.com/oisf/suricata/commit/a7713db709b8a0be5fc5e5809ab58e9b14a16e85"
},
{
"deprecated": false,
"signature_type": "Line",
"digest": {
"line_hashes": [
"164245737247542456460088153179155334656",
"190401111120363977565935826048214284980",
"43757126823927041345414526219092799861",
"274614961572409840509481275919906736984",
"246051075504163556169231378234481976343",
"246740595757824405265009710728598199063",
"321982323491745845888103012839725178577",
"190034655386767442136860386078967966134",
"180088112735820941842136975118997751800",
"110700514299363647319333368217296655836",
"227488183857360127961291718391917235423",
"267934735828986568672598251766957029854",
"92670270775610280400075067284993686716",
"168639063671785504902917290146361373082",
"306004546976353481285620594467964575038",
"214248451110568248103366431893290258200",
"115619718997469559575151713630860632001",
"48851692658336900459227620003476950632",
"3112565302154069092274591891073277609",
"114806596873684305501107700757577709928",
"274841794682831397439001533625472768665",
"205318592475977948657611657367010577796",
"197504188087719549487726087898363387292",
"305153270038974478809127861022444248178"
],
"threshold": 0.9
},
"target": {
"file": "src/datasets.c"
},
"signature_version": "v1",
"id": "CVE-2025-29916-ad130aad",
"source": "https://github.com/oisf/suricata/commit/a7713db709b8a0be5fc5e5809ab58e9b14a16e85"
},
{
"deprecated": false,
"signature_type": "Line",
"digest": {
"line_hashes": [
"122550052887256380752509461945788054525"
],
"threshold": 0.9
},
"target": {
"file": "src/tests/fuzz/confyaml.c"
},
"signature_version": "v1",
"id": "CVE-2025-29916-bf0ae484",
"source": "https://github.com/oisf/suricata/commit/a7713db709b8a0be5fc5e5809ab58e9b14a16e85"
},
{
"deprecated": false,
"signature_type": "Line",
"digest": {
"line_hashes": [
"170144863540364177716662769646417151804",
"307991629106810490350331289214197146612",
"737771932170086361536672316699382406",
"283676474260297021456506947934687823691",
"101778236511322540361722384795699200266",
"185463214363686853194047559222957287474",
"140500003912345977348670919337785519189",
"98300445106305773414443891985941689905",
"247658687271257776029993399823238103011",
"95622439389321507993677500703353893417",
"121044361983851386935462785463138634034",
"61625570188685899990333588352329811786"
],
"threshold": 0.9
},
"target": {
"file": "src/util-thash.c"
},
"signature_version": "v1",
"id": "CVE-2025-29916-e02ab74a",
"source": "https://github.com/oisf/suricata/commit/a7713db709b8a0be5fc5e5809ab58e9b14a16e85"
},
{
"deprecated": false,
"signature_type": "Function",
"digest": {
"function_hash": "314367857334738280423327035818671217315",
"length": 3417.0
},
"target": {
"file": "src/datasets.c",
"function": "DatasetsInit"
},
"signature_version": "v1",
"id": "CVE-2025-29916-f09f9cd5",
"source": "https://github.com/oisf/suricata/commit/a7713db709b8a0be5fc5e5809ab58e9b14a16e85"
}
]
vanir_signatures_modified
"2026-06-18T14:54:55Z"