CVE-2025-59147 (CNNVD-202510-020)
中文标题:
Suricata 安全特征问题漏洞
英文标题:
Suricata is Vulnerable to Detection Bypass via Crafted Multiple SYN Packets
漏洞描述
中文描述:
Suricata是Open Information Security基金会的一个网络IDS、IPS和NSM引擎。 Suricata 7.0.11及之前版本和8.0.0版本存在安全特征问题漏洞,该漏洞源于处理特制流量时未能正确识别TCP会话,可能导致检测绕过。
英文描述:
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Versions 7.0.11 and below, as well as 8.0.0, are vulnerable to detection bypass when crafted traffic sends multiple SYN packets with different sequence numbers within the same flow tuple, which can cause Suricata to fail to pick up the TCP session. In IDS mode this can lead to a detection and logging bypass. In IPS mode this will lead to the flow getting blocked. This issue is fixed in versions 7.0.12 and 8.0.1.
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| OISF | suricata | < 7.0.12 | - | - |
cpe:2.3:a:oisf:suricata:<__7.0.12:*:*:*:*:*:*:*
|
| OISF | suricata | >= 8.0.0, < 8.0.1 | - | - |
cpe:2.3:a:oisf:suricata:>=_8.0.0,_<_8.0.1:*:*:*:*:*:*:*
|
| oisf | suricata | * | - | - |
cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*
|
| oisf | suricata | 8.0.0 | - | - |
cpe:2.3:a:oisf:suricata:8.0.0:-:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
参考链接
cve.org
cve.org
cve.org
cve.org
CVSS评分详情
3.1 (cna)
HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2025-59147 |
2025-11-11 15:23:31 | 2025-11-11 07:40:46 |
| NVD | nvd_CVE-2025-59147 |
2025-11-11 15:01:04 | 2025-11-11 07:48:33 |
| CNNVD | cnnvd_CNNVD-202510-020 |
2025-11-11 15:12:29 | 2025-11-11 08:00:15 |
版本与语言
安全公告
变更历史
查看详细变更
- vulnerability_type: 未提取 -> 授权问题
- cnnvd_id: 未提取 -> CNNVD-202510-020
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
查看详细变更
- affected_products_count: 2 -> 4
- data_sources: ['cve'] -> ['cve', 'nvd']