CVE-2025-29918

Name	CVE-2025-29918
Description	Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. A PCRE rule can be written that leads to an infinite loop when negated PCRE is used. Packet processing thread becomes stuck in infinite loop limiting visibility and availability in inline mode. This vulnerability is fixed in 7.0.9.
Source	CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DLA-4103-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
suricata (PTS)	bullseye	1:6.0.1-3	vulnerable
	bullseye (security)	1:6.0.1-3+deb11u1	fixed
	trixie	1:7.0.10-1+deb13u4	fixed
	forky, sid	1:8.0.4-1	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
suricata	source	bullseye	1:6.0.1-3+deb11u1		DLA-4103-1
suricata	source	(unstable)	1:7.0.9-1

Notes

Fixed by: https://github.com/OISF/suricata/commit/b14c67cbdf25fa6c7ffe0d04ddf3ebe67b12b50b (master)
Fixed by: https://github.com/OISF/suricata/commit/f6c9490e1f7b0b375c286d5313ebf3bc81a95eb6 (suricata-7.0.9)