Improper Verification of Cryptographic Signature Affecting suricata package, versions <1:7.0.9-1


Severity

Recommended
low

Based on default assessment until relevant scores are available.

Threat Intelligence

EPSS
0.01% (2nd percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-DEBIAN13-SURICATA-9485760
  • published20 Mar 2025
  • disclosed10 Apr 2025

Introduced: 20 Mar 2025

CVE-2025-29915  (opens in a new tab)
CWE-347  (opens in a new tab)

How to fix?

Upgrade Debian:13 suricata to version 1:7.0.9-1 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream suricata package and not the suricata package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. The AF_PACKET defrag option is enabled by default and allows AF_PACKET to re-assemble fragmented packets before reaching Suricata. However the default packet size in Suricata is based on the network interface MTU which leads to Suricata seeing truncated packets. Upgrade to Suricata 7.0.9, which uses better defaults and adds warnings for user configurations that may lead to issues.