2358917 – (CVE-2025-29915) CVE-2025-29915 Suricata: Suricata af-packet: defrag option can lead to truncated packets affecting visibility

Bug 2358917 (CVE-2025-29915) - CVE-2025-29915 Suricata: Suricata af-packet: defrag option can lead to truncated packets affecting visibility

Summary: CVE-2025-29915 Suricata: Suricata af-packet: defrag option can lead to trunca...

Keywords:
Status:	NEW
Alias:	CVE-2025-29915
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2359009 2359010 2359011 2359012
Blocks:
TreeView+	depends on / blocked

Reported:	2025-04-10 20:12 UTC by OSIDB Bzimport
Modified:	2025-04-11 04:45 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-04-10 20:12:09 UTC

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. The AF_PACKET defrag option is enabled by default and allows AF_PACKET to re-assemble fragmented packets before reaching Suricata. However the default packet size in Suricata is based on the network interface MTU which leads to Suricata seeing truncated packets. Upgrade to Suricata 7.0.9, which uses better defaults and adds warnings for user configurations that may lead to issues.

Note You need to log in before you can comment on or make changes to this bug.