Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-29915

Summary
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
Published At-10 Apr, 2025 | 19:51
Updated At-10 Apr, 2025 | 20:05
Rejected At-
Credits

Suricata af-packet: defrag option can lead to truncated packets affecting visibility

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. The AF_PACKET defrag option is enabled by default and allows AF_PACKET to re-assemble fragmented packets before reaching Suricata. However the default packet size in Suricata is based on the network interface MTU which leads to Suricata seeing truncated packets. Upgrade to Suricata 7.0.9, which uses better defaults and adds warnings for user configurations that may lead to issues.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GitHub_M
Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa
Published At:10 Apr, 2025 | 19:51
Updated At:10 Apr, 2025 | 20:05
Rejected At:
▼CVE Numbering Authority (CNA)
Suricata af-packet: defrag option can lead to truncated packets affecting visibility

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. The AF_PACKET defrag option is enabled by default and allows AF_PACKET to re-assemble fragmented packets before reaching Suricata. However the default packet size in Suricata is based on the network interface MTU which leads to Suricata seeing truncated packets. Upgrade to Suricata 7.0.9, which uses better defaults and adds warnings for user configurations that may lead to issues.

Affected Products
Vendor
OISF
Product
suricata
Versions
Affected
  • < 7.0.9
Problem Types
TypeCWE IDDescription
CWECWE-347CWE-347: Improper Verification of Cryptographic Signature
Type: CWE
CWE ID: CWE-347
Description: CWE-347: Improper Verification of Cryptographic Signature
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/OISF/suricata/security/advisories/GHSA-7m5c-cqx4-x8mp
x_refsource_CONFIRM
https://github.com/OISF/suricata/commit/d78f2c9a4e2b59f44daeddff098915084493d08d
x_refsource_MISC
https://redmine.openinfosecfoundation.org/issues/5373
x_refsource_MISC
Hyperlink: https://github.com/OISF/suricata/security/advisories/GHSA-7m5c-cqx4-x8mp
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/OISF/suricata/commit/d78f2c9a4e2b59f44daeddff098915084493d08d
Resource:
x_refsource_MISC
Hyperlink: https://redmine.openinfosecfoundation.org/issues/5373
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-advisories@github.com
Published At:10 Apr, 2025 | 20:15
Updated At:29 May, 2025 | 15:47

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. The AF_PACKET defrag option is enabled by default and allows AF_PACKET to re-assemble fragmented packets before reaching Suricata. However the default packet size in Suricata is based on the network interface MTU which leads to Suricata seeing truncated packets. Upgrade to Suricata 7.0.9, which uses better defaults and adds warnings for user configurations that may lead to issues.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Type: Secondary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CPE Matches

oisf
oisf
>>suricata>>Versions before 7.0.9(exclusive)
cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-347Primarysecurity-advisories@github.com
CWE ID: CWE-347
Type: Primary
Source: security-advisories@github.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://github.com/OISF/suricata/commit/d78f2c9a4e2b59f44daeddff098915084493d08dsecurity-advisories@github.com
Patch
https://github.com/OISF/suricata/security/advisories/GHSA-7m5c-cqx4-x8mpsecurity-advisories@github.com
Vendor Advisory
Issue Tracking
https://redmine.openinfosecfoundation.org/issues/5373security-advisories@github.com
Issue Tracking
Hyperlink: https://github.com/OISF/suricata/commit/d78f2c9a4e2b59f44daeddff098915084493d08d
Source: security-advisories@github.com
Resource:
Patch
Hyperlink: https://github.com/OISF/suricata/security/advisories/GHSA-7m5c-cqx4-x8mp
Source: security-advisories@github.com
Resource:
Vendor Advisory
Issue Tracking
Hyperlink: https://redmine.openinfosecfoundation.org/issues/5373
Source: security-advisories@github.com
Resource:
Issue Tracking

Change History

0
Information is not available yet

Similar CVEs

55Records found

CVE-2021-25636
Matching Score-4
Assigner-Document Foundation, The
ShareView Details
Matching Score-4
Assigner-Document Foundation, The
CVSS Score-7.5||HIGH
EPSS-0.18% / 40.32%
||
7 Day CHG~0.00%
Published-22 Feb, 2022 | 00:00
Updated-03 Aug, 2024 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incorrect trust validation of signature with ambiguous KeyInfo children

LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to create a digitally signed ODF document, by manipulating the documentsignatures.xml or macrosignatures.xml stream within the document to contain both "X509Data" and "KeyValue" children of the "KeyInfo" tag, which when opened caused LibreOffice to verify using the "KeyValue" but to report verification with the unrelated "X509Data" value. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.5.

Action-Not Available
Vendor-libreofficeThe Document FoundationFedora Project
Product-fedoralibreofficeLibreOffice
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CWE ID-CWE-295
Improper Certificate Validation
CVE-2020-14966
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.28% / 50.93%
||
7 Day CHG~0.00%
Published-22 Jun, 2020 | 11:20
Updated-04 Aug, 2024 | 13:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the jsrsasign package through 8.0.18 for Node.js. It allows a malleability in ECDSA signatures by not checking overflows in the length of a sequence and '0' characters appended or prepended to an integer. The modified signatures are verified as valid. This could have a security-relevant impact if an application relied on a single canonical signature.

Action-Not Available
Vendor-jsrsasign_projectn/aNetApp, Inc.
Product-max_datajsrsasignn/a
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2021-33054
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.26% / 48.95%
||
7 Day CHG~0.00%
Published-04 Jun, 2021 | 14:40
Updated-03 Aug, 2024 | 23:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SOGo 2.x before 2.4.1 and 3.x through 5.x before 5.1.1 does not validate the signatures of any SAML assertions it receives. Any actor with network access to the deployment could impersonate users when SAML is the authentication method. (Only versions after 2.0.5a are affected.)

Action-Not Available
Vendor-inversen/aDebian GNU/Linux
Product-debian_linuxsogon/a
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2020-36285
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.12% / 32.06%
||
7 Day CHG~0.00%
Published-06 Apr, 2021 | 15:38
Updated-04 Aug, 2024 | 17:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Union Pay up to 3.3.12, for iOS mobile apps, contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, via a crafted authentication code (MAC) which is generated based on a secret key which is NULL.

Action-Not Available
Vendor-unionpayintln/a
Product-union_payn/a
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2022-3322
Matching Score-4
Assigner-Cloudflare, Inc.
ShareView Details
Matching Score-4
Assigner-Cloudflare, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 2.64%
||
7 Day CHG~0.00%
Published-28 Oct, 2022 | 09:25
Updated-05 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Lock WARP switch bypass on WARP mobile client using iOS quick action

Lock Warp switch is a feature of Zero Trust platform which, when enabled, prevents users of enrolled devices from disabling WARP client. Due to insufficient policy verification by WARP iOS client, this feature could be bypassed by using the "Disable WARP" quick action.

Action-Not Available
Vendor-Cloudflare, Inc.
Product-warp_mobile_clientWARP
CWE ID-CWE-862
Missing Authorization
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
  • Previous
  • 1
  • 2
  • Next
Details not found