{"id":"CVE-2025-59150","summary":"Suricata: Keyword tls.subjectaltname can lead to NULL-ptr deref","details":"Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Version 8.0.0's usage of the tls.subjectaltname keyword can lead to a segmentation fault when the decoded subjectaltname contains a NULL byte. This issue is fixed in version 8.0.1. To workaround this issue, disable rules using the tls.subjectaltname keyword.","aliases":["GHSA-mhv7-qfmj-m3f3"],"modified":"2026-04-02T12:56:47.454559Z","published":"2025-10-01T20:23:54.207Z","related":["openSUSE-SU-2025:15592-1"],"database_specific":{"cwe_ids":["CWE-476"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/59xxx/CVE-2025-59150.json","cna_assigner":"GitHub_M"},"references":[{"type":"WEB","url":"https://forum.suricata.io/t/suricata-8-0-1-and-7-0-12-released/6018"},{"type":"WEB","url":"https://redmine.openinfosecfoundation.org/issues/7881"},{"type":"WEB","url":"https://www.vicarius.io/vsociety/posts/cve-2025-59150-suricata-detection-script"},{"type":"WEB","url":"https://www.vicarius.io/vsociety/posts/cve-2025-59150-suricata-mitigation-script"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/59xxx/CVE-2025-59150.json"},{"type":"ADVISORY","url":"https://github.com/OISF/suricata/security/advisories/GHSA-mhv7-qfmj-m3f3"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-59150"},{"type":"FIX","url":"https://github.com/OISF/suricata/commit/d590fdfe42e995fd558315f0c24f9a352e21479d"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/oisf/suricata","events":[{"introduced":"9956286fb89f9cad9e9f95b99dc751f8666617b7"},{"fixed":"2444feed0d5ff5beb52e4d6e1f7ece487f3de179"}]}],"versions":["suricata-8.0.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-59150.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}