Feature #8517
open
ikev2: new buffers and keywords
Description
I recently reviewed and attempted to create coverage for a Windows IKEv2 vulnerability, which led me to find that Suricata only carves buffers for the nonce and key exchange payloads, but here having access to a buffer for the Encrypted Payload would have been convenient.
It would be great to have the rest of the IKE payloads given keyword buffers.
RFC: https://datatracker.ietf.org/doc/html/rfc4306
Additionally, it'd be great to have a keyword for Next Payload which contains all `next payload` values (in sequence) or for each payload a keyword (ike.encrypt_payload_next).
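For reference, the sequence of `next payload` values such a keyword would expose can be read off the wire as follows. This is an added example, not part of the original request and not Suricata code: the function names and the sample messages are constructed for illustration, the payload bodies are placeholder bytes, and the header layouts and type numbers follow RFC 4306 sections 3.1 and 3.2.

```python
import struct

IKE_HDR = struct.Struct("!8s8sBBBBII")  # SPIi, SPIr, next, version, exchange, flags, msg id, length
GEN_HDR = struct.Struct("!BBH")         # next payload, critical/reserved, payload length
NO_NEXT, ENCRYPTED = 0, 46              # payload type numbers from RFC 4306 section 3.2


def next_payload_chain(msg):
    """Return every Next Payload value of one IKEv2 message, in wire order."""
    if len(msg) < IKE_HDR.size:
        raise ValueError("shorter than an IKE header")
    _, _, nxt, version, _, _, _, total = IKE_HDR.unpack_from(msg)
    if version >> 4 != 2:
        raise ValueError("not IKEv2")
    if total < IKE_HDR.size or total > len(msg):
        raise ValueError("IKE length field does not fit the datagram")
    chain, off = [nxt], IKE_HDR.size
    while nxt != NO_NEXT:
        if off + GEN_HDR.size > total:
            raise ValueError("payload header runs past the message")
        current = nxt
        nxt, _, plen = GEN_HDR.unpack_from(msg, off)
        if plen < GEN_HDR.size or off + plen > total:
            raise ValueError("bad payload length")
        chain.append(nxt)
        if current == ENCRYPTED:
            # The Encrypted payload is always last; its Next Payload field names
            # the first payload inside the ciphertext, so the cleartext chain ends here.
            break
        off += plen
    return chain


def build_payload(nxt, body):
    """Constructed test helper: generic payload header plus placeholder body."""
    return GEN_HDR.pack(nxt, 0, GEN_HDR.size + len(body)) + body


def build_message(first, exchange, payloads):
    """Constructed test helper: IKEv2 header (version 2.0, initiator flag) plus payloads."""
    body = b"".join(payloads)
    return IKE_HDR.pack(b"\x11" * 8, b"\x00" * 8, first, 0x20, exchange,
                        0x08, 0, IKE_HDR.size + len(body)) + body


# Constructed samples: IKE_SA_INIT (SA, KE, Nonce) and IKE_AUTH (one Encrypted payload).
SA_INIT = build_message(33, 34, [build_payload(34, b"\x00" * 8),
                                 build_payload(40, b"\x00" * 12),
                                 build_payload(0, b"\x00" * 16)])
AUTH = build_message(46, 35, [build_payload(35, b"\xaa" * 32)])
```

For the IKE_AUTH sample the chain is only two values long: everything after the Encrypted payload's own Next Payload field is ciphertext and cannot be walked without the keys.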
Updated by Victor Julien about 13 hours ago
- Subject changed from New IKEv2 Payloads Buffers and Keywords to ikev2: new buffers and keywords
Could you provide a more specific list of which buffers and keywords you'd expect, suggest naming and syntax and ideally also describe what the use case per keyword is?
Updated by Victor Julien about 13 hours ago
- Related to Task #4772: tracking: parity between fields logged and fields available for detection added