CVE-2025-64333
BaseFortify
Publication date: 2025-11-26
Last updated on: 2025-12-05
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| oisf | suricata | to 7.0.13 (exc) |
| oisf | suricata | From 8.0.0 (inc) to 8.0.2 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Suricata, a network IDS/IPS/NSM engine, occurs when logging a large HTTP content type, which can cause a stack overflow and crash the Suricata process. It affects versions prior to 7.0.13 and 8.0.2 and has been patched in those versions.
How can this vulnerability impact me? :
The vulnerability can cause Suricata to crash due to a stack overflow when processing large HTTP content types. This can lead to denial of service, reducing the effectiveness of network intrusion detection and prevention, potentially leaving the network unmonitored or unprotected during the crash.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update Suricata to version 7.0.13 or 8.0.2 or later where the issue is patched. As a workaround, limit the stream.reassembly.depth setting to less than half the process stack size. Additionally, increasing the process stack size can reduce the likelihood of the bug triggering.