Suricata 8.x < 8.0.5 Multiple Vulnerabilities

high Nessus Plugin ID 318836

Synopsis

An IDS/IPS solution running on the remote host is affected by multiple vulnerabilities.

Description

The version of OISF Suricata installed on the remote host is 8.x prior to 8.0.5. It is, therefore, affected by multiple vulnerabilities, including:

- LDAP transaction state could store an unbounded number of responses. Because LDAP can be processed over UDP, crafted traffic may cause Suricata to consume excessive memory, potentially resulting in denial of service. (CVE-2026-45768)

- A Lua rule that registers too many flow variables can corrupt Lua detection state and may bypass Suricata's restricted Lua sandbox. This requires an affected Lua script/rule to be loaded. Registering an excessive number of flow variables may also cause Suricata to crash. (CVE-2026-45770)

- Suricata's IP defragmentation code could deadlock when processing fragmented traffic containing an encapsulated tunnel protocol whose payload is itself fragmented. (CVE-2026-46352)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade Suricata to version 8.0.5 or higher.

See Also

http://www.nessus.org/u?92039606

http://www.nessus.org/u?94f860dd

http://www.nessus.org/u?581e262b

http://www.nessus.org/u?0201bf8c

http://www.nessus.org/u?9bbf50ca

Plugin Details

Severity: High

ID: 318836

File Name: suricata_8_0_5.nasl

Version: 1.1

Type: Local

Agent: windows, macosx, unix

Family: Misc.

Published: 6/5/2026

Updated: 6/5/2026

Supported Sensors: Nessus Agent, Nessus

Risk Information

CVSS v3

Risk Factor: High

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Vulnerability Information

CPE: cpe:/a:oisf:suricata

Required KB Items: installed_sw/Open Information Security Foundation Suricata

Patch Publication Date: 5/19/2026

Vulnerability Publication Date: 5/19/2026

Reference Information

CVE: CVE-2026-45752, CVE-2026-45763, CVE-2026-45768, CVE-2026-45770, CVE-2026-46352

IAVB: 2026-B-0147