Feature #8517: ikev2: new buffers and keywords - Suricata - Open Information Security Foundation

Actions

Copy link

Feature #8517

open

ikev2: new buffers and keywords

Feature #8517: ikev2: new buffers and keywords

Added by Stuart DC about 14 hours ago. Updated about 13 hours ago.

Status:

New

Priority:

Normal

Assignee:

Target version:

TBD

Effort:

Difficulty:

Label:

Description

Recently reviewed and attempted to create coverage on Windows IKEv2 vulnerability which lead me to find that Suricata only carves buffers for nonce and key exchange payloads but here having access to a buffer for the Encrypted Payload would have been convenient.

https://www.zerodayinitiative.com/blog/2026/4/22/cve-2026-33824-remote-code-execution-in-windows-ikev2

It would great to have the rest of the IKE payloads given keyword buffers.
RFC: https://datatracker.ietf.org/doc/html/rfc4306

Additionally, it'd be great to have a keyword for Next Payload which contains all `next payload` values (in sequence) or for each payload a keyword (ike.encrypt_payload_next).

Related issues 1 (1 open — 0 closed)

Actions

Copy link

Also available in: PDF Atom

Project

General

Profile

Suricata

Custom queries

Feature #8517

ikev2: new buffers and keywords

VJ Updated by Victor Julien about 13 hours ago Actions
Copy link
#1

VJ Updated by Victor Julien about 13 hours ago Actions
Copy link
#2

Project

General

Profile

Suricata

Custom queries

Feature #8517

ikev2: new buffers and keywords

VJ Updated by Victor Julien about 13 hours ago ActionsCopy link #1

VJ Updated by Victor Julien about 13 hours ago ActionsCopy link #2

VJ Updated by Victor Julien about 13 hours ago Actions
Copy link
#1

VJ Updated by Victor Julien about 13 hours ago Actions
Copy link
#2