CVE-2025-53537

Name
CVE-2025-53537
Description
LibHTP is a security-aware parser for the HTTP protocol and its related bits and pieces. In versions 0.5.50 and below, there is a traffic-induced memory leak that can starve the process of memory, leading to loss of visibility. To work around this issue, set `app-layer.protocols.http.libhtp.default-config.lzma-enabled` to false in `suricata.yaml`. This issue is fixed in version 0.5.51.
NVD Severity
unknown

References

| Type | URI |
| --- | --- |
| MISC | https://github.com/OISF/libhtp/commit/9037ea35110a0d97be5cedf8d31fb4cd9a38c7a7 |
| CONFIRM | https://github.com/OISF/libhtp/security/advisories/GHSA-v3qq-h8mh-vph7 |

Match rules

| CPE URI | Source package | Min version | Max version |
| --- | --- | --- | --- |
| | libhtp | >= 0 | < 0.5.51 |
| cpe:2.3:a:oisf:libhtp:*:*:*:*:*:*:*:* | libhtp | >= None | < 0.5.51 |

Vulnerable and fixed packages

| Source package | Branch | Version | Maintainer | Status |
| --- | --- | --- | --- | --- |
| libhtp | edge-community | 0.5.49-r0 | Steve McMaster <code@mcmaster.io> | possibly vulnerable |
| libhtp | edge-community | 0.5.50-r0 | Steve McMaster <steve@mcmaster.io> | possibly vulnerable |
| libhtp | 3.22-community | 0.5.49-r0 | Steve McMaster <code@mcmaster.io> | possibly vulnerable |
| libhtp | 3.22-community | 0.5.50-r0 | Steve McMaster <steve@mcmaster.io> | possibly vulnerable |