CVE-2025-64334
BaseFortify
Publication date: 2025-11-26
Last updated on: 2025-12-05
Assigner: GitHub, Inc.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| oisf | suricata | From 8.0.0 (inc) to 8.0.2 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-770 | The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects Suricata versions 8.0.0 up to, but not including, 8.0.2. It involves unbounded memory growth while decompressing compressed HTTP data, specifically during LZMA decompression. A crafted compressed response can cause the sensor to consume excessive memory, potentially leading to denial of service. The issue is fixed in version 8.0.2; workarounds are to disable LZMA decompression or to limit the response-body size.
How can this vulnerability impact me?
The vulnerability can cause unbounded memory growth during decompression, which may lead to denial of service (DoS) by exhausting system resources. This can disrupt network intrusion detection and prevention, potentially allowing malicious traffic to go undetected or causing system instability.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, upgrade Suricata to version 8.0.2 or later. If you cannot upgrade immediately, apply a workaround in your Suricata configuration: disable LZMA decompression, or lower the response-body-limit setting.
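A suricata.yaml fragment showing where the two workarounds above live, added here as an illustration and not taken from the advisory or from the Suricata project. The section path and the lzma-enabled key are assumed from the stock suricata.yaml shipped with Suricata; confirm them against the file for your installed version.

```yaml
# Illustrative fragment (assumed layout of the stock suricata.yaml); merge into
# the existing app-layer section rather than replacing it.
app-layer:
  protocols:
    http:
      enabled: yes
      libhtp:
        default-config:
          personality: IDS
          request-body-limit: 100kb
          # Workaround 1: bound how much of each HTTP response body Suricata
          # keeps per transaction. Keep this small on sensors that cannot be
          # upgraded to 8.0.2 yet.
          response-body-limit: 100kb
          # Workaround 2: switch LZMA decompression off entirely, so LZMA-
          # compressed bodies are passed through without being inflated.
          # Verify the setting took effect after restart, e.g. with
          # "suricata --dump-config | grep lzma".
          lzma-enabled: no
```

Once the sensor is on 8.0.2 or later, LZMA decompression can be re-enabled if your detection content depends on inspecting LZMA-compressed bodies.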