CVE-2025-64333

CVE-2025-64333

Name

CVE-2025-64333

Description

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, a large HTTP content type, when logged can cause a stack overflow crashing Suricata. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves limiting stream.reassembly.depth to less then half the stack size. Increasing the process stack size makes it less likely the bug will trigger.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
CONFIRM	https://github.com/OISF/suricata/security/advisories/GHSA-537h-xxmx-v87m

Type

URI

CONFIRM

https://github.com/OISF/suricata/security/advisories/GHSA-537h-xxmx-v87m

Match rules

CPE URI	Source package	Min version	Max version
	suricata	>= 0	< 7.0.13
	suricata	>= 0	< 8.0.2
`cpe:2.3:a:oisf:suricata::::::::`	suricata	>= None	< 7.0.13
`cpe:2.3:a:oisf:suricata::::::::`	suricata	>= 8.0.0	< 8.0.2

CPE URI

Source package

Min version

Max version

suricata

>= 0

< 7.0.13

suricata

>= 0

< 8.0.2

cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*

suricata

>= None

< 7.0.13

cpe:2.3:a:oisf:suricata:*:*:*:*:*:*:*:*

suricata

>= 8.0.0

< 8.0.2

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
suricata	edge-community	8.0.0-r0	Steve McMaster <steve@mcmaster.io>	possibly vulnerable
suricata	edge-community	7.0.10-r1	Steve McMaster <steve@mcmaster.io>	possibly vulnerable
suricata	edge-community	7.0.10-r0	Steve McMaster <steve@mcmaster.io>	possibly vulnerable
suricata	edge-community	7.0.8-r0	Steve McMaster <code@mcmaster.io>	possibly vulnerable
suricata	edge-community	7.0.7-r0	Steve McMaster <code@mcmaster.io>	possibly vulnerable
suricata	edge-community	7.0.6-r0	Steve McMaster <code@mcmaster.io>	possibly vulnerable
suricata	edge-community	6.0.4-r0	Steve McMaster <code@mcmaster.io>	possibly vulnerable
suricata	edge-community	6.0.3-r0	Steve McMaster <code@mcmaster.io>	possibly vulnerable
suricata	3.22-community	7.0.10-r1	Steve McMaster <steve@mcmaster.io>	possibly vulnerable
suricata	3.22-community	7.0.8-r0	Steve McMaster <code@mcmaster.io>	possibly vulnerable
suricata	3.22-community	7.0.7-r0	None	possibly vulnerable
suricata	3.22-community	7.0.6-r0	None	possibly vulnerable
suricata	3.22-community	6.0.4-r0	None	possibly vulnerable
suricata	3.22-community	6.0.3-r0	None	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

suricata

edge-community

8.0.0-r0

Steve McMaster <steve@mcmaster.io>

possibly vulnerable

suricata

edge-community