Suricata < 7.0.11 DoS

high Nessus Plugin ID 243230

Synopsis

An IDS/IPS solution running on the remote host is affected by a denial of service vulnerability.

Description

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions 7.0.10 and below and 8.0.0-beta1 through 8.0.0-rc1, mishandling of data on HTTP2 stream 0 can lead to uncontrolled memory usage, leading to loss of visibility. Workarounds include disabling the HTTP/2 parser, and using a signature like drop http2 any any -> any any (frame:http2.hdr; byte_test:1,=,0,3; byte_test:4,=,0,5; sid:
1;) where the first byte test tests the HTTP2 frame type DATA and the second tests the stream id 0. This is fixed in versions 7.0.11 and 8.0.0.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade Suricata to 7.0.11, 8.0.0 or higher.

See Also

http://www.nessus.org/u?50113241

Plugin Details

Severity: High

ID: 243230

File Name: suricata_CVE-2025-53538.nasl

Version: 1.2

Type: local

Agent: windows, macosx, unix

Family: Misc.

Published: 7/31/2025

Updated: 8/1/2025

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: High

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS Score Source: CVE-2025-53538

CVSS v3

Risk Factor: High

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Vulnerability Information

CPE: cpe:/a:oisf:suricata

Required KB Items: installed_sw/Open Information Security Foundation Suricata

Patch Publication Date: 7/26/2025

Vulnerability Publication Date: 7/26/2025

Reference Information

CVE: CVE-2025-53538

IAVB: 2025-B-0126