{"id":"CVE-2018-1000167","details":"OISF suricata-update version 1.0.0a1 contains an Insecure Deserialization vulnerability in the insecure yaml.load-Function as used in the following files: config.py:136, config.py:142, sources.py:99 and sources.py:131. The \"list-sources\"-command is affected by this bug. that can result in Remote Code Execution(even as root if suricata-update is called by root). This attack appears to be exploitable via a specially crafted yaml-file at https://www.openinfosecfoundation.org/rules/index.yaml. This vulnerability appears to have been fixed in 1.0.0b1.","aliases":["GHSA-7c4h-w765-6pwg","PYSEC-2018-75"],"modified":"2026-03-14T09:25:44.202719Z","published":"2018-04-18T19:29:00.833Z","references":[{"type":"ADVISORY","url":"https://redmine.openinfosecfoundation.org/issues/2359"},{"type":"EVIDENCE","url":"https://tech.feedyourhead.at/content/remote-code-execution-in-suricata-update"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/oisf/suricata-update","events":[{"introduced":"0"},{"last_affected":"dc1a320daadb1cd2372b8ef3c48eb682e50ebd6a"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.0.0a1"}]}}],"versions":["1.0.0a1","1.0.0b1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1000167.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}