CVE-2025-53538
BaseFortify

Publication date: 2025-07-22

Last updated on: 2025-10-06

Assigner: GitHub, Inc.

Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions 7.0.10 and below and 8.0.0-beta1 through 8.0.0-rc1, mishandling of data on HTTP2 stream 0 can lead to uncontrolled memory usage, leading to loss of visibility. Workarounds include disabling the HTTP/2 parser, and using a signature like drop http2 any any -> any any (frame:http2.hdr; byte_test:1,=,0,3; byte_test:4,=,0,5; sid: 1;) where the first byte test tests the HTTP2 frame type DATA and the second tests the stream id 0. This is fixed in versions 7.0.11 and 8.0.0.
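The workaround signature above matches on two fields of the 9-byte HTTP/2 frame header: the type byte at offset 3 (0 = DATA) and the 4-byte stream identifier at offset 5 (0 = the connection control stream, on which DATA frames are never legitimate). The following is an added example, not code from the advisory or from the Suricata project, that decodes frame headers from a captured byte buffer and reports DATA frames on stream 0, i.e. the same condition the rule's two byte_test checks encode. The sample buffer is constructed inline and omits the 24-byte client connection preface.

```python
import struct

FRAME_HEADER_LEN = 9      # RFC 9113 s4.1: 24-bit length, 8-bit type, 8-bit flags, 32-bit stream id
FRAME_TYPE_DATA = 0x0     # the rule's byte_test:1,=,0,3 compares the byte at offset 3 with this
FRAME_TYPE_HEADERS = 0x1
FRAME_TYPE_SETTINGS = 0x4


def parse_frame_header(buf, offset=0):
    """Decode the HTTP/2 frame header that starts at `offset` in `buf`."""
    if len(buf) - offset < FRAME_HEADER_LEN:
        raise ValueError("truncated frame header")
    hdr = buf[offset:offset + FRAME_HEADER_LEN]
    raw_stream = struct.unpack(">I", hdr[5:9])[0]  # the rule's byte_test:4,=,0,5 compares these 4 bytes with 0
    return {
        "length": int.from_bytes(hdr[0:3], "big"),
        "type": hdr[3],
        "flags": hdr[4],
        # The top bit is the reserved R bit; receivers ignore it. The Suricata rule compares all 4 raw
        # bytes with 0, so a (non-compliant) frame with R set would pass the rule but still be flagged here.
        "stream_id": raw_stream & 0x7FFFFFFF,
    }


def find_data_frames_on_stream0(buf):
    """Walk consecutive frames and return the byte offsets of DATA frames carried on stream 0."""
    hits = []
    pos = 0
    while pos + FRAME_HEADER_LEN <= len(buf):
        hdr = parse_frame_header(buf, pos)
        if hdr["type"] == FRAME_TYPE_DATA and hdr["stream_id"] == 0:
            hits.append(pos)
        pos += FRAME_HEADER_LEN + hdr["length"]   # skip the payload to reach the next frame header
    return hits


def build_frame(frame_type, stream_id, payload=b"", flags=0):
    """Helper used only to construct the sample traffic below."""
    header = len(payload).to_bytes(3, "big") + bytes([frame_type, flags])
    return header + struct.pack(">I", stream_id & 0x7FFFFFFF) + payload


# Constructed sample: a normal SETTINGS frame, a HEADERS frame on stream 1, then a DATA frame
# on stream 0 (the condition the workaround rule drops), then a legitimate DATA frame on stream 1.
SAMPLE = (
    build_frame(FRAME_TYPE_SETTINGS, 0)
    + build_frame(FRAME_TYPE_HEADERS, 1, b"\x82", flags=0x4)
    + build_frame(FRAME_TYPE_DATA, 0, b"\x00" * 5)
    + build_frame(FRAME_TYPE_DATA, 1, b"hello", flags=0x1)
)

if __name__ == "__main__":
    print("DATA frames on stream 0 at offsets:", find_data_frames_on_stream0(SAMPLE))
```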
Meta Information
Published: 2025-07-22
Last Modified: 2025-10-06
Generated: 2026-05-07
AI Q&A: 2025-07-23
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 3 associated CPEs
Vendor   Product    Version / Range
oisf     suricata   up to 7.0.11 (excluding)
oisf     suricata   8.0.0
oisf     suricata   8.0.0
CWE ID    Description
CWE-400   The product does not properly control the allocation and maintenance of a limited resource.
CWE-770   The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability in Suricata versions 7.0.10 and below and 8.0.0-beta1 through 8.0.0-rc1 involves mishandling of data on HTTP/2 stream 0, which can cause uncontrolled memory usage. This can lead to loss of visibility in the network monitoring system. The issue is fixed in versions 7.0.11 and 8.0.0.


How can this vulnerability impact me?

The vulnerability can lead to uncontrolled memory usage in Suricata, resulting in loss of visibility in network intrusion detection and prevention. This means that malicious activity or attacks might not be detected or blocked, potentially exposing the network to threats.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by using a Suricata signature that drops HTTP/2 traffic on stream 0, such as: drop http2 any any -> any any (frame:http2.hdr; byte_test:1,=,0,3; byte_test:4,=,0,5; sid:1;). This signature tests for HTTP/2 frame type DATA and stream id 0, which are indicators of the vulnerability exploitation attempt.


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include disabling the HTTP/2 parser in Suricata and applying the signature that drops HTTP/2 traffic on stream 0 as described above. Additionally, upgrading Suricata to version 7.0.11 or 8.0.0 or later will fix the vulnerability.

