CVE-2025-64332

Name
CVE-2025-64332
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, a stack overflow that causes Suricata to crash can occur if SWF decompression is enabled. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling SWF decompression (swf-decompression in suricata.yaml), it is disabled by default; set decompress-depth to lower than half your stack size if swf-decompression must be enabled.
NVD Severity
unknown
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://github.com/OISF/suricata/commit/ad446c9006a77490af51c468aae0ce934f4d2117
CONFIRM https://github.com/OISF/suricata/security/advisories/GHSA-p32q-7wcp-gv92

Match rules

CPE URI Source package Min version Max version
suricata >= 0 < 7.0.13
suricata >= 0 < 8.0.2
cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:* suricata >= None < 7.0.13
cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:* suricata >= 8.0.0 < 8.0.2

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
suricata edge-community 8.0.0-r0 Steve McMaster <steve@mcmaster.io> possibly vulnerable
suricata edge-community 7.0.10-r1 Steve McMaster <steve@mcmaster.io> possibly vulnerable
suricata edge-community 7.0.10-r0 Steve McMaster <steve@mcmaster.io> possibly vulnerable
suricata edge-community 7.0.8-r0 Steve McMaster <code@mcmaster.io> possibly vulnerable
suricata edge-community 7.0.7-r0 Steve McMaster <code@mcmaster.io> possibly vulnerable
suricata edge-community 7.0.6-r0 Steve McMaster <code@mcmaster.io> possibly vulnerable
suricata edge-community 6.0.4-r0 Steve McMaster <code@mcmaster.io> possibly vulnerable
suricata edge-community 6.0.3-r0 Steve McMaster <code@mcmaster.io> possibly vulnerable
suricata 3.22-community 7.0.10-r1 Steve McMaster <steve@mcmaster.io> possibly vulnerable
suricata 3.22-community 7.0.8-r0 Steve McMaster <code@mcmaster.io> possibly vulnerable
suricata 3.22-community 7.0.7-r0 None possibly vulnerable
suricata 3.22-community 7.0.6-r0 None possibly vulnerable
suricata 3.22-community 6.0.4-r0 None possibly vulnerable
suricata 3.22-community 6.0.3-r0 None possibly vulnerable