FreshPorts - VuXML
This page displays vulnerability information about FreeBSD Ports.
The VUXML data was last processed by FreshPorts on 2025-06-06 18:03:49 UTC
These are the vulnerabilities relating to the commit you have selected:
VuXML ID | Description |
1d53db32-0d60-11f0-8542-b42e991fc52e | suricata -- Multiple vulnerabilities
Suricata team reports:
Multiple vulnerabilities
- CVE-2025-29915: Severity HIGH. The AF_PACKET defrag option is enabled by default and allows AF_PACKET to re-assemble fragmented packets before reaching Suricata. However the default packet size in Suricata is based on the network interface MTU which leads to Suricata seeing truncated packets.
- CVE-2025-29916: Severity Moderate. Datasets declared in rules have an option to specify the `hashsize` to use. This size setting isn't properly limited, so the hash table allocation can be large. Untrusted rules can lead to large memory allocations, potentially leading to denial of service due to resource starvation.
- CVE-2025-29917: Severity HIGH. The bytes setting in the decode_base64 keyword is not properly limited. Due to this, signatures using the keyword and setting can cause large memory allocations of up to 4 GiB per thread.
- CVE-2025-29918: Severity HIGH. A PCRE rule can be written that leads to an infinite loop when negated PCRE is used. Packet processing thread becomes stuck in infinite loop limiting visibility and availability in inline mode.
Discovery: 2025-03-12
Entry: 2025-03-30
suricata < 7.0.9
CVE-2025-29915: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29915
CVE-2025-29916: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29916
CVE-2025-29917: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29917
CVE-2025-29918: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29918
|